Having failed to acquire a mom-and-pop software company, Apple tried to put it out of business.
From Reed Albergotti's "Apple loses copyright battle against security start-up Corellium" in Tuesday's Washington Post:
Corellium, co-founded in 2017 by husband and wife Amanda Gorton and Chris Wade, was a breakthrough in security research because it gave its customers the ability to run “virtual” iPhones on desktop computers. Rather than using physical iPhones to poke and prod iOS, Apple’s mobile operating system, Corellium streamlined the process...
Apple initially attempted to acquire Corellium in 2018, according to court records. When the acquisition talks stalled, Apple sued Corellium last year, claiming its virtual iPhones, which contain only the bare bones functions necessary for security research, constitute a violation of copyright law...
Apple’s lawsuit against Corellium has threatened to sink the fledgling company. Corellium’s legal resources were limited by its comparatively tiny budget.
In the lawsuit, Apple had argued that Corellium’s products could be dangerous if they fall into the wrong hands, because security flaws discovered by Corellium could be used to hack iPhones. Apple argued that Corellium sells its product indiscriminately, a claim Corellium denied. Judge Rodney Smith called Apple’s argument on those claims “Puzzling, if not disingenuous.” Judge Smith found that Corellium used a vetting process before selling its products to customers.
My take: There's irony in Albergotti's kicker...
Over the weekend, Forbes named Corellium the best cybersecurity product of the year.
Obviously the firm has value, otherwise Apple wouldn’t try to buy it. Unfortunately the parties couldn’t agree on price/terms, at which point Apple has tried to stop sales of its virtual iPhone vulnerabilities hacker.
From Apple’s viewpoint they wanted control of the technology to protect the security of iOS (and MacOS in the future). With a purchase option Apple tried to shut the Company down using the courts.
Corellium’s products pose a major threat to Apple’s core products and ecosystem. I don’t blame Apple for trying to destroy Corellium.
The problem at this point isn’t a legality issue, it’s that the cat (method) has been let out of the bag. Bad actors worldwide are now going to try to duplicate Corellium’s automated hacking tool, and they won’t do it to sell copies of it.
No amount of purchase money will put the cat back in the bag.
I don’t see a moral issue at all. Corellium has automated an iPhone hacking device and is SELLING it. In my opinion Apple is trying to protect its customers from unauthorized searches and/or bad actor hacks.
One of the hallmarks of owning an Apple product is to be free of malware. Corellium breaches that hallmark.
But consider: What if Corellium offered a mechanism to debug iPhone apps that was a lot easier/more benign than doing that on the device itself? That was one of the great uses of the old Virtual PC product on the Mac, it was a much more benign debugging environment (particularly for running down Blue Screen of Death) than a PC itself. (That’s because it was a lot easier to checkpoint and restart a VM than an actual Windows PC.)
Calling it “playing the heavy” just because the opponent is not as well-heeled financially (who is, compared to Apple?) is giving too much credit where it’s not due. This is literally yet another way to jail-break an iPhone and make it less secure. Apple tried to shut that door, and for good reason, but rats like cheese….
Can Apple be disrupted by this – time will tell. But there is a wrinkle here, see next post
“Crucially, the court didn’t dismiss all of Apple’s case. Apple has alleged that Corellium circumvented its authentication server and secure boot chain, among other measures, violating the DMCA’s ban on circumventing copy protection measures. Corellium also mounted a fair use defense against the DMCA charges, but the judge did not find it compelling enough to dismiss the DMCA allegations before a full trial.”
https://www.theverge.com/2020/12/29/22205130/apple-corellium-dismissed-copyright-dmca-fair-use
Corellium is till in the grease for utilizing the iOS configurations improperly according to the Judge. So now a trial will be set after January, 2021 in this action. It’s just beginning and Apple has plenty of factual and legal arguments in their favor.