Apple has filed a lawsuit today against virtualization company Corellium. For those unfamiliar, Corellium allows users to virtualize iOS, pitching it as a research tool for security experts. Apple, however, says Corellium’s “true goal is profiting off its blatant infringement.”
Ecobee HomeKit Thermostat
Essentially, Corellium allows researchers to run software only virtualizations of iOS. This opens up a new set of capabilities for security researchers, as they can do things like pause the operating system completely (via Bloomberg).
The lawsuit was filed today in the Southern District of Florida. Apple alleges that Corellium is blatantly infringing upon its copyrights. “Corellium has simply copied everything: the code, the graphical user interface, the icons—all of it, in exacting detail,” Apple writes.
Corellium explicitly markets its product as one that allows the creation of “virtual” Apple devices. For a million dollars a year, Corellium will even deliver a “private” installation of its product to any buyer. There is no basis for Corellium to be selling a product that allows the creation of avowedly perfect replicas of Apple’s devices to anyone willing to pay.
Apple also takes issue with Corellium’s spin that its iOS suite allows researchers to better discover vulnerabilities. Corellium does not require researchers to report their discoveries to Apple, which Apple says encourages the vulnerabilities to instead be sold on the market:
Although Corellium paints itself as providing a research tool for those trying to discover security vulnerabilities and other flaws in Apple’s software, Corellium’s true goal is profiting off its blatant infringement. Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder.
One thing Apple notes is that it strongly supports “good-faith” security research – and has never before pursued legal action against a security researcher.
The purpose of this lawsuit is not to encumber good-faith security research, but to bring an end to Corellium’s unlawful commercialization of Apple’s valuable copyrighted works. Accordingly, Apple respectfully seeks an injunction, to stop Corellium’s acts of naked copyright infringement.
Through this lawsuit, Apple is seeking an injunction against Corellium sales, a court order requiring Corellium to notify its customers they are violating Apple’s copyright, destruction of products using Apple’s copyright, and cash compensation.
Apple’s lawsuit against Corellium comes after the company significantly revamped its bug bounty program last week with higher payouts and a new device program that gives researchers what are essentially “pre-jailbroken” iPhones.