Apple loses iOS copyright claim in suit against security firm Corellium
A U.S. federal court has handed a win to security firm Corellium, ruling that its emulation of Apple's iOS is fair use.
Credit: Corellium
U.S. District Court Judge Rodney Smith issued the ruling on Tuesday, throwing out Apple's claims that Corellium had violated its copyrights. Judge Smith denied Apple's motion and granted Corellium's in part to "the extent the Court finds that Corellium's use of iOS constitutes fair use."
On the other hand, he didn't throw out any motions related to the DMCA claim. Apple had accused the company of violating the Digital Millennium Copyright Act, which criminalizes technology intended to circumvent access to copyrighted works, through illegal replication of the iOS operating system.
"Weighing all the necessary factors, the Court finds that Corellium has met its burden of establishing fair use. Thus, its use of iOS in connection with the Corellium Product is permissible," Judge Smith wrote.
Corellium was founded in 2017 and created a platform that allowed customers to run virtual iPhone environments on computers. That proved useful to security researchers, since it allowed them to find bugs and security vulnerabilities in iOS.
Apple first sued the virtualization company in 2019 for copyright infringement. Since then, Apple has escalated its fight with Corellium, subpoenaing records from contractors who have used the iOS emulating platforms.
Along with the copyright claims, Apple argued that Corellium's product could be dangerous if it fell into the wrong hands and that it sold the system indiscriminately. Judge Smith called the first argument "puzzling, if not disingenuous," and added that Corellium uses a vetting process before it sells its products to customers.
The Cupertino tech giant had initially attempted to acquire Corellium in 2018, The Washington Post reported. As those acquisition talks stalled, Apple filed the lawsuit that threatened to sink the startup. Compared to Apple, its resources and budget were limited.
Apple's lawsuit was said to have scared security researchers away from Corellium's product. In 2019, Apple announced the Security Research Device program, which allows researchers to find vulnerabilities in specialized iPhones and could serve as an alternative to Corellium and other products.
Credit: Corellium
U.S. District Court Judge Rodney Smith issued the ruling on Tuesday, throwing out Apple's claims that Corellium had violated its copyrights. Judge Smith denied Apple's motion and granted Corellium's in part to "the extent the Court finds that Corellium's use of iOS constitutes fair use."
On the other hand, he didn't throw out any motions related to the DMCA claim. Apple had accused the company of violating the Digital Millennium Copyright Act, which criminalizes technology intended to circumvent access to copyrighted works, through illegal replication of the iOS operating system.
"Weighing all the necessary factors, the Court finds that Corellium has met its burden of establishing fair use. Thus, its use of iOS in connection with the Corellium Product is permissible," Judge Smith wrote.
Corellium was founded in 2017 and created a platform that allowed customers to run virtual iPhone environments on computers. That proved useful to security researchers, since it allowed them to find bugs and security vulnerabilities in iOS.
Apple first sued the virtualization company in 2019 for copyright infringement. Since then, Apple has escalated its fight with Corellium, subpoenaing records from contractors who have used the iOS emulating platforms.
Along with the copyright claims, Apple argued that Corellium's product could be dangerous if it fell into the wrong hands and that it sold the system indiscriminately. Judge Smith called the first argument "puzzling, if not disingenuous," and added that Corellium uses a vetting process before it sells its products to customers.
The Cupertino tech giant had initially attempted to acquire Corellium in 2018, The Washington Post reported. As those acquisition talks stalled, Apple filed the lawsuit that threatened to sink the startup. Compared to Apple, its resources and budget were limited.
Apple's lawsuit was said to have scared security researchers away from Corellium's product. In 2019, Apple announced the Security Research Device program, which allows researchers to find vulnerabilities in specialized iPhones and could serve as an alternative to Corellium and other products.
Apple Versus Corellium- Ruling by Mike Wuerthele on Scribd
Comments
No, it doesn't, because merely buying an iPhone doesn't allow you to run it in a virtualized environment the way Corelium does, which Apple is arguing gives the user of such virtualization a better tool to develop exploits with. Whether that's true or not I can't say, but that's what they're arguing, and that's different than having an iPhone alone.
I want all exploits to be found, the more “dangerous” the better. I don’t need security holes covered up, I need them exposed.
Also, a device owner’s root access is not “insecure”, insecure is only if someone without credentials can gain privileged access.
So, in reality, EVERYONE should be getting these “special” iPhones as these aren’t “insecure”, they are just less obscure.
Maybe apple should create a { iOS light, fee ba$e ) a scale down version of the iOS for third party handset manufactures with the same access to the app store. This way they can monitor the gps of the downloads and the devices. As Tim Apple said "it only takes ONE bad actor to compromise an ecosystem. What do you guys think?
In reference to "The fact that there seem to be a lot of articles about Apple lawsuits lately?" It seems like EVERY one wants to take down Goliath. Keep in mind that apple is still the underdog in the computer industry. Its apple vs every one else.
I find it puzzling that the judge would find opening a security hole "puzzling". What rock does he live under? Perhaps we should find it puzzling that he locks his doors at night. After all: What could possibly go wrong?
What struck me reading the opinion is the extent to which the judge went to a whole lot of trouble to support Corellium's arguments. I felt quite uncomfortable reading it.
Since this is a motion for summary judgment, where all facts remaining in dispute are interpreted in the other party's favor, it seems the judge did just the opposite. Remember, no evidence was presented to the court as a trier of fact. Everything the court knows was in the form of affidavits, and perhaps some cross examinations in the discovery phase of this lawsuit (perhaps). The court does say much of the argument is based on sealed documents -- as one can tell by noticing some of the court's language is redacted.
Not knowing the recent case law on copyright of computer programs, I was uncomfortable with the court mixing up patent law concepts of functionality and utility with copyright protections. Considering Fair Use is an Equitable Law concept, the court seemed too willing to invoke the concept for the benefit of Corellium.
I could have imagined Apple losing on the Motion For Summary Judgment based on Estoppel (the allegation that Apple approved of Corellium during which time they were in negotiation for purchase by Apple).
Anyway, the Court's overly broad interpretation of Fair Use, IMHO, left me cold.
I think Apple are legally in the right... but they’re acting like a 2-faced mega corporation. Apple could have handled this better.