Tag: Corellium

Posted on

Apple drops its lawsuit against maker of iPhone emulation software

Steve Dent Contributor
Steve Dent is an associate editor at Engadget.
More posts by this contributor

Apple has settled its 2019 lawsuit with Corellium, a company that builds virtual iOS devices used by security researchers to find bugs in iPhones and other iOS devices, the Washington Post has reported. The terms of the settlement weren’t disclosed, but the agreement comes after Apple suffered a major court loss in the dispute in late 2020.

Corellium’s software allows users to run virtual iPhones on a computer browser, giving them deep access to iOS without the need for a physical device. In addition to accusing Corellium of infringing on its copyright, Apple said the company was selling its product indiscriminately, thereby compromising the platform’s security.

Specifically, Apple accused the company of selling its products to governments that could have probed its products for flaws. When he was employed by another company, Corellium co-founder David Wang helped the FBI unlock an iPhone used by a terrorist responsible for the San Bernardino attacks. 

However, a judge dismissed the copyright claims, calling them “puzzling, if not disingenuous.” He wrote in his ruling that “the Court finds that Corellium has met its burden of establishing fair use,” adding that its use of iOS in that context was permissible.

Corellium started offering its platform to individual subscribers earlier this year, after previously only making it available to enterprise users. Each request for access is vetted individually so that it won’t fall into the wrong hands for malicious purposes, according to the company.

Editor’s note: This post originally appeared on Engadget.

Posted on

Daily Crunch: Judge dismisses Apple copyright claims against Corellium

Apple faces a major setback in one of its legal fights, VMware sues a former executive and Google tests a new short-form video feature. This is your Daily Crunch for December 29, 2020.

The big story: Judge dismisses Apple copyright claims against Corellium

Apple filed a lawsuit last year against Corellium, a company that allows security researchers to create virtualized iOS devices in the browser in order to discover potential security flaws.

Apple argued that Corellium’s product both infringes its copyright and, by circumventing built-in authentications and security checks, violates the Digital Millennium Copyright Act. Today, Judge Rodney Smith dismissed Apple’s copyright claims and wrote that “Corellium has met its burden of establishing fair use.”

Smith did not rule on Apple’s DMCA claims, so this legal battle isn’t over.

The tech giants

VMware files suit against former exec for moving to rival company — The company is claiming that former COO Rajiv Ramaswami had inside knowledge of the key plans at VMware and that he should have told the company that he was interviewing for a job at a rival organization.

Google pilots a search feature that aggregates short-form videos from TikTok and Instagram — This could help Google retain users in search of social video entertainment.

Startups, funding and venture capital

23andMe raises $82.5M in new funding — The company’s work this year around COVID-19 has, perhaps, put the value of its platform in a new light.

CommonGround raises $19M to rethink online communication — The goal is to build online collaboration software that more fully captures the nuances of in-person communication.

Seattle-based Madrona raises $320M for its eighth fund — That’s up slightly from the firm’s past two funds, which were both $300 million vehicles.

Advice and analysis from Extra Crunch

As launch market matures, space opportunities on the ground take off — If you thought the launch boom was big, just wait for to see what happens when it combines with the private satellite boom.

Streaming services face their real test in 2021 — While media/telecom executives and Wall Street investors have been willing to make big investments for a streaming-centric future, they’ll expect to see actual profits soon.

What’s behind this year’s boom in climate tech SPACs? — There’s no denying that 2020 has been the year of the special purpose acquisition company.

(Extra Crunch is our membership program, which aims to democratize information about startups. You can sign up here for a holiday deal good through January 3. Read more about the deal here.)

Everything else

From the US to China, Korea, India and Europe, antitrust action against tech is gaining serious momentum — Antitrust is now a headline issue for the tech industry across the world.

Attending CES 2021? TechCrunch wants to meet your startup — Virtually, of course.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.

Posted on

Apple’s lawsuit against Corellium has been partly thrown out

Back in August of last year Apple filed a lawsuit against the virtualization software company Corellium, arguing that the product infringed its copyright and later adding claims that Corellium’s product violates the DMCA.

While the DMCA claims will still need to be settled in court, a judge in Florida has tossed out Apple’s copyright claims.

So what is Corellium? To over simplify it, Corellium allows security researchers to spin up a virtualized ARM device (including iOS devices) in a browser and take a deep look under the hood to discover potential security bugs. As I wrote last year:

Corellium could allow, for example, a security researcher to quickly fire up a simulated iPhone and hunt for potential bugs. If one is discovered, they can quickly load up prior versions of iOS to see how long this bug has been around. If a bug “bricks” the virtual iOS device and renders it unusable, it’s a matter of just booting up a new one rather than obtaining a whole new phone. Virtualized devices can be paused, giving researchers a detailed look at its precise state at any given moment.

Writes Judge Rodney Smith in a docket filed this morning as first spotted by the Washington Post:

Having reviewed the evidence, the Court does not find a lack of good faith and fair dealing. Further, weighing all the necessary factors, the Court finds that Corellium has met its burden of establishing fair use. Thus, its use of iOS in connection with the Corellium Product is permissible. On these grounds, Corellium’s Motion for Summary Judgment is granted on Apple’s copyright claim.

Smith cites Corellium’s ability to do things like “(1) see and halt running processes; (2) modify the kernel; (3) use CoreTrace, a tool to view system calls; (4) use an app browser and a file browser; and (5) take live snapshots” as proof that the product is “not merely a repackaged version of iOS” and should be considered fair use.

Smith also notes repeatedly that this legal action comes after Apple considered acquiring Corellium.

Between January 2018 and the summer of 2018, the parties engaged in discussions regarding Apple’s potential acquisition of Corellium. During this time, the parties met in-person and telephonically. Corellium explained to Apple the technology behind the Corellium Product and how it works, and discussed Corellium’s business and intention to commercialize the Corellium Product.

And:

If Apple had acquired the Corellium Product, the product would have been used internally for testing and validation (that is, for verifying any system weaknesses and functioning of devices).

While this decision swipes away the copyright claims (potential appeals aside), there was no such swift judgement on the DMCA claims. Apple argues that Corellium is working around built-in authentications and security checks, whereas Corellium argues that such things are implemented at a hardware level and the firmware they’re dealing with (the iOS IPSW files) are “left unencrypted, unprotected, unlocked, and out in the open for the public to access, copy, edit, distribute, perform, and display.”

Apple is suing Corellium

Posted on

Apple is suing Corellium

Apple is suing virtualization software company Corellium, according to documents filed today in Florida.

Corellium allows customers to create and interact with virtual iOS devices — a software iPhone, for example, running actual iOS firmware, all within the browser. Apple says this is copyright infringement, and is demanding Corellium stops “all uses of” its iOS virtualization products and pays Apple unspecified “damages and lost profits”

Corellium could allow, for example, a security researcher to quickly fire up a simulated iPhone and hunt for potential bugs. If one is discovered, they can quickly load up prior versions of iOS to see how long this bug has been around. If a bug “bricks” the virtual iOS device and renders it unusable, it’s a matter of just booting up a new one rather than obtaining a whole new phone. Virtualized devices can be paused, giving researchers a detailed look at its precise state at any given moment .

Forbes did a deep dive on the company last year. As they point out, two of the company’s co-founders were some of the earliest members of the iPhone jailbreak scene, giving them an understanding better than nearly anyone else in the world as to how iPhones, iPads, etc work under the hood.

In its complaint, Apple writes:

The product Corellium offers is a “virtual” version of Apple mobile hardware products, accessible to anyone with a web browser. Specifically, Corellium serves up what it touts as a perfect digital facsimile of a broad range of Apple’s market-leading devices—recreating with fastidious attention to detail not just the way the operating system and applications appear visually to bona fide purchasers, but also the underlying computer code. Corellium does so with no license or permission from Apple.

This news comes just days after Apple announced that it would be launching a “iOS Security Research Device Program”, in which select security researchers would be given access to less-locked down iOS devices in order to help them find vulnerabilities.

Story developing…