apple heavy Corellium
4 months ago
Published December 29, 2020 by

In this story, Apple plays the heavy

Having failed to acquire a mom-and-pop software company, Apple tried to put it out of business.

From Reed Albergotti’s “Apple loses copyright battle against security start-up Corellium” in Tuesday’s Washington Post:

Corellium, co-founded in 2017 by husband and wife Amanda Gorton and Chris Wade, was a breakthrough in security research because it gave its customers the ability to run “virtual” iPhones on desktop computers. Rather than using physical iPhones to poke and prod iOS, Apple’s mobile operating system, Corellium streamlined the process…

Apple initially attempted to acquire Corellium in 2018, according to court records. When the acquisition talks stalled, Apple sued Corellium last year, claiming its virtual iPhones, which contain only the bare bones functions necessary for security research, constitute a violation of copyright law…

Apple’s lawsuit against Corellium has threatened to sink the fledgling company. Corellium’s legal resources were limited by its comparatively tiny budget.

In the lawsuit, Apple had argued that Corellium’s products could be dangerous if they fall into the wrong hands, because security flaws discovered by Corellium could be used to hack iPhones. Apple argued that Corellium sells its product indiscriminately, a claim Corellium denied. Judge Rodney Smith called Apple’s argument on those claims “Puzzling, if not disingenuous.” Judge Smith found that Corellium used a vetting process before selling its products to customers.

My take: There’s irony in Albergotti’s kicker…

Over the weekend, Forbes named Corellium the best cybersecurity product of the year.

12 Comments

  1. Jerry Doyle said:
    If someone is praying this story has “legs,” forget it.

    3
    December 29, 2020
  2. Gregg Thurman said:
    Curious.

    Obviously the firm has value, otherwise Apple wouldn’t try to buy it. Unfortunately the parties couldn’t agree on price/terms, at which point Apple has tried to stop sales of its virtual iPhone vulnerabilities hacker.

    From Apple’s viewpoint they wanted control of the technology to protect the security of iOS (and MacOS in the future). With a purchase option Apple tried to shut the Company down using the courts.

    Corellium’s products pose a major threat to Apple’s core products and ecosystem. I don’t blame Apple for trying to destroy Corellium.

    The problem at this point isn’t a legality issue, it’s that the cat (method) has been let out of the bag. Bad actors worldwide are now going to try to duplicate Corellium’s automated hacking tool, and they won’t do it to sell copies of it.

    No amount of purchase money will put the cat back in the bag.

    2
    December 29, 2020
  3. David Emery said:
    The legal basis for this is in ‘fair use,’ a topic that still has a lot of legal debate around it. The Google/Oracle (Java) lawsuit is probably the poster child (“Can APIs be subject to copyright?”) In this case, I’m sure the Apple argument is this is an unauthorized use of Apple’s IP (in the form of iOS binaries), and legally they’re probably quite correct. Whether this is ‘morally right’ is a much more difficult topic.

    3
    December 29, 2020
    • Gregg Thurman said:
      Whether this is ‘morally right’ is a much more difficult topic.

      I don’t see a moral issue at all. Corellium has automated an iPhone hacking device and is SELLING it. In my opinion Apple is trying to protect its customers from unauthorized searches and/or bad actor hacks.

      One of the hallmarks of owning an Apple product is to be free of malware. Corellium breaches that hallmark.

      3
      December 29, 2020
      • David Emery said:
        Should intended use enter into the ‘moral discussion’? Probably.

        But consider: What if Corellium offered a mechanism to debug iPhone apps that was a lot easier/more benign than doing that on the device itself? That was one of the great uses of the old Virtual PC product on the Mac, it was a much more benign debugging environment (particularly for running down Blue Screen of Death) than a PC itself. (That’s because it was a lot easier to checkpoint and restart a VM than an actual Windows PC.)

        0
        December 29, 2020
  4. Ralph McDarmont said:
    Well, Apple could have easily made an irresistible purchase offer, along with gainful employment for the developers. Does anybody know what Apple spends on litigation every year? A thousand people constantly sue Apple, probably for things as small as a broken fingernail while dialing. It is good that Steve built the spaceship to provide the office space for a thousand lawyers.

    1
    December 29, 2020
  5. Grady Campbell said:
    This article is nothing compared to the same author’s preceding one in the Post titled “Apple’s longtime supplier accused of using forced labor in China”. Way down in the article it mentions in passing that “[the company] has several factories producing glass for the consumer electronics industry” but somehow this is a problem that Apple is responsible for allowing to happen. It also mentions in passing that Tesla and Amazon are customers but since they didn’t deign to respond they are not mentioned further (and certainly not in the title).

    1
    December 29, 2020
  6. Bart Yee said:
    Negative Apple articles have usually been clickbait. Many present the facts but then become slanted in comment, perspective, or rehashing old tripes and tropes, especially labor and legal related. Apple is not perfect nor an angel, but it is a business and certainly has a right to try to defend its IP. Ironically, when our country worries about foreign countries and companies stealing our IP, there can also be domestic rulings regarding same said IP, software and hardware developments, etc. that can go against the company. Stuff happens as the digital legal world evolves. But Apple always has the right to defend itself, no matter how it is viewed from outside.

    Can Apple be disrupted by this – time will tell. But there is a wrinkle here, see next post

    0
    December 29, 2020
  7. Bart Yee said:
    In this article, the Verge discusses that this is only part of the case and there still is more to go for both parties:

    “Crucially, the court didn’t dismiss all of Apple’s case. Apple has alleged that Corellium circumvented its authentication server and secure boot chain, among other measures, violating the DMCA’s ban on circumventing copy protection measures. Corellium also mounted a fair use defense against the DMCA charges, but the judge did not find it compelling enough to dismiss the DMCA allegations before a full trial.”

    https://www.theverge.com/2020/12/29/22205130/apple-corellium-dismissed-copyright-dmca-fair-use

    1
    December 29, 2020
  8. Michael Goldfeder said:
    @Bart: Thanks for posting that link to the Federal Judge’s Ruling. The provides clarity as to what was clearly omitted from the grossly misleading “click bait” headline. This was just a summary judgment motion brought by both parties in order to narrow the issues and affirmative defenses for trial.

    Corellium is till in the grease for utilizing the iOS configurations improperly according to the Judge. So now a trial will be set after January, 2021 in this action. It’s just beginning and Apple has plenty of factual and legal arguments in their favor.

    1
    December 30, 2020

Leave a Reply