iOS emulation company Corellium sued by Apple claims using iOS code in their product is legal

Lorenzo Franceschi-Bicchierai for Motherboard:

On Monday, Corellium, the startup that was sued by Apple for alleged copyright infringement in August, filed its response to the lawsuit. Apple alleged that Corellium’s product is illegal, and helps researchers sell hacking tools based on software bugs found in iOS to government agencies that then use them to hack targets…

In its response, Corellium essentially argues that using Apple’s code in Corellium is fair use and its product makes the world a better place by helping security researchers inspect the iPhone’s operating system, find flaws in it, and help Apple fix them. With Corellium, researchers can more easily find bugs by creating virtual instances of iOS and test them more quickly, as opposed to having to use actual physical devices.

Corellium’s key argument lies on the assumption that Corellium’s customers are looking for bugs with the intention of alerting Apple of their existence. The only customer Corellium names in its response is Azimuth Security, which was acquired by defense contractor L3 last year. As Motherboard reported last year, Azimuth is one of the best companies in the world at finding bugs in iOS, and developing exploits that take advantage of those bugs. Azimuth does not report those bugs to Apple. Instead, it sells hacking tools based on those bugs to law enforcement and intelligence agencies in the United States, UK, Canada, and other countries.

MacDailyNews Take: There is a reason why too many failed attempts to unlock disable an iOS device: Security.

Corellium allows this important security feature to be sidestepped allowing for brute-force attempts to unlock devices, among other things.

Apple offers a $1 million “bug bounty” for anyone who discovers flaws in iOS and gives custom “dev-fused” iPhones to legitimate researchers.

Again, you couldn’t beg for a lawsuit from Apple any better than Corellium, and that’s a list that includes the likes of Psystar!

To thwart brute-force attempts to unlock you devices, always use long, custom, alphanumeric passcodes. Use at least seven characters – even longer is better – and mix numbers, letters, and symbols.

To change your passcode in iOS:
Settings > Face ID & Passcodes > Change Passcode > Passcode Options: Custom Alphanumeric Code

1 Comment

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.