Apple Files Lawsuit Against Corellium For iOS Emulation (bloomberg.com)
Apple has filed a lawsuit against Corellium, accusing the software company of illegally selling virtual copies of iOS under the guise of helping discover security flaws. "Apple said the software company Corellium has copied the operating system, graphical user interface and other aspects of the devices without permission, and wants a federal judge to stop the violations," reports Bloomberg. From the report: Apple said it supports "good-faith security research," offering a $1 million "bug bounty" for anyone who discovers flaws in its system and gives custom versions of the iPhone to "legitimate" researchers. Corellium, the iPhone maker said, goes further than that. "Although Corellium paints itself as providing a research tool for those trying to discover security vulnerabilities and other flaws in Apple's software, Corellium's true goal is profiting off its blatant infringement," Apple said in the complaint. "Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder."
Corellium creates copies of the Apple iOS, and says that it's all to help white-hat hackers discover security flaws. Instead, according to Apple, any information is sold to people who can then exploit those flaws. Corellium, in a posting dated July 4 on its website, said it "respects the intellectual property rights of others and expects its users to do the same." Corellium's products allow the creation of a virtual Apple device, according to the suit. It copies new versions of Apple works as soon as they are announced, and doesn't require users to disclose flaws to Apple, the Cupertino, California-based company said in the complaint. Apple also wants a court order forcing Corellium to notify its customers that they are in violation of Apple's rights, destruction of any products using Apple copyrights, and cash compensation.
Re: Is there a statute of limitations on copying U (Score:1)
Xerox already said something. [slashdot.org]
But the lawsuit was dismissed. [slashdot.org]
Re: (Score:1)
fixed [nytimes.com]
fixed [wikipedia.org]
Re: (Score:2)
Fixed (well, at least Preview shows OK):
Xerox already said something. [nytimes.com]
But the lawsuit was dismissed. [wikipedia.org]
Apple... (Score:1)
Apple said in the complaint. "Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder."
What's wrong with selling your wares on a free and open market with genuine price discovery? I guess Apple thinks it should, for some reason, get first crack at new cracks, even if they're low-balling the compensation amount? While simultaneously making it harder for the people to do this line of development work?
Sounds like communism/socialism/totalitarianism to me. FU APPL.
Re:Apple... (Score:5, Informative)
Apple said in the complaint. "Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder."
What's wrong with selling your wares on a free and open market with genuine price discovery? I guess Apple thinks it should, for some reason, get first crack at new cracks, even if they're low-balling the compensation amount? While simultaneously making it harder for the people to do this line of development work?
Sounds like communism/socialism/totalitarianism to me. FU APPL.
There are two points here. The first one is that they are not actually "emulating" the operating system - they emulate the hardware and run Apple's stock iOS on their emulation platform. So they use Apple's software on an unauthorised platform. You may not like this but who writes the software has the right to restrict its use. The second point here is that even their behaviour would probably get some protection from the law if they used their emulation tech for academic purposes, or to help the common good. But this is not the case. Hence they are violating Apple's IP rights to get a profit. What Apple is doing is not "communism/socialism/totalitarianism". It is capitalism, and in fact a rare case where it is actually good.
Re: (Score:2)
> "You may not like this but who writes the software has the right to restrict its use."
Haha. If I've paid for it I'll use it however the hell I like, thanks. Next you'll be saying that I can't use a hammer to put a screw in a piece of wood if some blurb from the hammer company claims it is against their Terms and Conditions.
See also CueCat.
Re: (Score:3)
How do you pay for iOS?
Re: (Score:1)
As a pleb consumer, I'd pay for it by buying Apple hardware. I would think Corellium has a different way.
Re: (Score:2)
Buying the hardware does not magically transfer a license of the software to you (or Corellium).
Re: (Score:2)
Oh, I beg to differ. If you sell a device with embedded software that only operates using that software, then you've "magically transferred" at least an implied license to use that software.
Re: (Score:2)
Use, yes, copy, no.
You could make the same statement about Microsoft - because I purchased a computer that was pre-loaded with Windows, I can now take a copy of Windows and put it on any number of virtual machines.
No, you have to have a license for each machine, virtual or not and if your hardware or emulation didn't come with one, you have no implicit right to copy another one.
17 USC 117(a)(1) (Score:2)
It is not an infringement for the owner of a lawfully made copy of a computer program to make additional copies so long as said copies are made solely for using the program on a particular machine and not distributed to other people.
US Code citation: 17 USC 117(a)(1) [cornell.edu]
Re: (Score:3)
Well that's not what phayes wrote, now is it? And you're not contradicting anything that I wrote. "[A]t least an implied license to use that software" means use.
Guess what, you also get a license to copy the software, within that device, from firmware to memory to operate it, as well as a license to distribute that software, with the device, to others, and a license to "publicly perform" the software by screencasting, with the device, because Apple built that capability into the softwar
Re: (Score:1)
Making the copy available to white hat hackers, on or off their hardware, would count as distribution to other people, would it not?
Re: (Score:3)
It is not an infringement for the owner of a lawfully made copy of a computer program to make additional copies so long as said copies are made solely for using the program on a particular machine and not distributed to other people.
US Code citation: 17 USC 117(a)(1) [cornell.edu]
Corellium is distributing those copies to other people.
Re: (Score:2)
I would think Corellium has a different way.
I would not think that. If Corellium had a different way I am sure Apple would not be suing them.
I don't know what they are doing. Maybe they are buying up a bunch of used iOS device inventory as a means of acquiring licenses; maybe it's 10s of thousands of them for each operating system instance they make available to customers, maybe it's one per hypervisor, maybe they are not doing anything at all.
In any case Apple's license almost certainly does not entitle you to run iOS on a non-Apple device even if
Re: (Score:2)
Fair use may or may not apply, depending on what the buyer does. Here's how it works.
You can buy an iPhone. Get the cheapest one. It will come with a copy of iOS. At this point, you own a copy and you can do anything you want with that copy within the bounds of copyright law. You have all the rights that Fair Use can defend, and you do not have a license from Apple. If you want to read it off the iPhone and move it to some other computer and put the old iPhone away (or into the landfill) you'll probably ge
Re:Apple... (Score:4, Informative)
> If I've paid for it I'll use it however the hell I like
You _bought_ iOS?!?! No, you did not. You _bought_ a device that comes with an iOS License. That iOS license (and the law) allow you to use _that_device_ any way you want but it does not allow you to duplicate iOS to another device. That Apple allows you to duplicate iOS to other Apple devices does not mean that the law authorizes you to duplicate it to any device you please.
You cannot legally "use iOS however the hell you like" any more than you can buy a CD and then copy its contents to anyone you want. CueCat has nothing to do with this.
Re: (Score:3)
>> You cannot legally "use iOS however the hell you like"
Yes you can legally.
Just travel into a country where it is allowed or tolerated, or on a boat on open sea, or in the Antarctic.
Re: (Score:2)
The WTO would still have something to say about that.
Re: (Score:3)
I don't think shrinkwrap "licenses" are quite as strong as you say. There are a bunch of clauses in those licenses that don't have any power, or it is very unclear if they do, including a lot of the ones that try to restrict usage or reverse engineering. This should be evident because Apple is specifically trying to say that exceptions like that don't apply here. I think this is a case where we don't even really know the answer before it goes to court. It's well known that a company can't just forbid re
Re: (Score:2)
Except that you cannot buy iOS. You can buy a phone or a tablet that has a single non-transferable license issued to that device. Which, you accepted the terms to when you first powered on that device and started using it.
Re: (Score:1)
So, what happens if I have a Mac, and the motherboard dies while still under warranty? If I take it to a repair shop, do they swap out the motherboard, wipe the drive and load a new OS with a new license on it? Or do they just replace the bad parts and leave the OS intact?
If they replace the OS, you might have a case; but if they just replace parts, then by their own actions they can sell the OS separate from the hardware. Or at the very least they can sell me a hard drive with the OS insta
Re: (Score:1)
Have you ever considered not being fucking stupid? You even quoted the GP agreeing with you.
Re: (Score:2)
The first one is that they are not actually "emulating" the operating system - they emulate the hardware and run Apple's stock iOS on their emulation platform.
Wow. SMH. Emulating the hardware such that you can run the stock software IS emulation in everybody's normal understanding of the word emulation.
I mean, WTF are you even suggesting? That "real" emulation means you have to write your own version of iOS? How would running your own implementation of an iOS-like operating system help you in any way do security testing of iOS itself? Any security bugs you find are going to be bugs in your own implementation, not bugs in iOS.
Good grief. The level of incompetence and insanity among Apple fanbois... What are they making you guys smoke over there in Apple-land?
1) it is different because some articles seem to imply that they "emulate" iOS. They do not. They emulate the HW it runs on. So they are using iOS on an unauthorised device. Whether you think this is good or bad is irrelevant, this is a matter of law. And I am not a lawyer, but clearly you are not one as well.
2) I am not an Apple-fanboy, even though I use Apple products because they (on average) suck, but still less than all alternatives [hint, my former student Halvar Flake used to say the same]. As fo
Re: (Score:2)
How do they emulate the hardware? My understanding is that iPhones use a fair amount of customized chips that would be difficult to emulate in software, partly because of their in-house closed design nature and partly because emulation is very slow.
Re: (Score:2)
You may not like this but who writes the software has the right to restrict its use.
This sort of thing should be illegal. If it's not, Apple found a legal loophole that should be closed.
If you buy something, it should be yours. If you buy software, you should be able to install it where you want.
Re: (Score:2)
You may not like this but who writes the software has the right to restrict its use.
Nope. Try and stop me.
Re: Apple... (Score:2)
Re: Is there a statute of limitations on copying U (Score:1)
Re: Is there a statute of limitations on copying (Score:1)
Re: (Score:2)
The hallmark of slashdot AC's is to be the most stupid morons they can possibly be. It wouldn't matter if his mommy read the summary to him out loud and slowly -- he's never going to understand.
Re: (Score:3)
Emulation is explicitly allowed, just download a copy of Xcode and an emulator comes with it which Apple happily distributes.
What is happening here though, is that Corellium is distributing a (modified) copy of iOS to run on their own emulation platform. That's simply copyright violation.
Re: (Score:1)
XCode only runs on macOS.
XCode emulator will only permit execution of own custom code, third-party app store apps cannot be used, if I understood correctly.
I really want an emulated backup version of my iPhone to fall back to in case the physical hardware breaks yet again. It takes up to 4 weeks to have the broken device shipped to the out-of-country repair center, fixed and then shipped back. And then RMAd because they fixed it wrong. I've danced this dance a few times and not having access to the data and
Re: (Score:3)
How can you find security flaws in Apple's OS if you supply your own?
Re: (Score:1)
Re: (Score:3)
Without the PC clones the computer market would probably have been a lot more diverse and hardware would have been a lot more varied - for good and bad.
Looking back the IBM PC wasn't very good, it mostly sold well because it was labeled IBM and therefore it was easy to get it introduced into the corporate environment.
Re: (Score:1)
Re: Is there a statute of limitations on copying U (Score:2)
The PC was a good open architecture that did not use obscure or obfuscated chips. Plain off-the-shelf chips were used throughout. The commented source code for the bios was published in the Tech Ref manual that anybody could buy.
The open architecture meant that others could build their enhancements on the platform. In the market of the time this was very open. Competing consumer grade products used ASICs and obscured designs that may have been 'superior' but were closed.
Re: (Score:1)
The IBM PC wasn't very good for what? It was an office machine, and for that it was VERY good.
If you wanted graphics and games, you went with Commodore and Atari. If you wanted education you went with Apple. Most people I knew couldn't afford Apples so they had Commodores and Ataris.
-T-
Re: (Score:2)
Looking back the IBM PC wasn't very good,
Looking back, the IBM PC was actually pretty good. It was based on an open architecture which brought the absolute highest levels of peripheral compatibility (not that it was the only system based on an ISA bus, but it was one of the best documented) and it was an extremely approachable architecture. The bus did lack autoconfiguration, but it had very good practical throughput. The superior contemporary buses were all more expensive to implement. It was simple to program in assembler since the combination o
Re: (Score:2)
Turn it around - the IBM PC defined the ISA bus, not the other way around.
And there were a number of other computers around at the time that were at least as good and had good documentation but the advertising power of IBM overruled those systems.
So I still hold my opinion here that it wasn't technically any really good machine, it was just about as good as the VW bug in the world of cars and did well through marketing and a relatively low price even if there were better machines out there with more feature
Re: (Score:2)
Turn it around - the IBM PC defined the ISA bus, not the other way around.
Yes, but it was used in other computers, and you could use certain PC peripherals (based around the right chips) in them. The Apollo Domain computers (which begat some of the concepts we know in NT now, like UNC naming) used the 16-bit ISA bus, as did IBM's own RT/PC.
And there were a number of other computers around at the time that were at least as good and had good documentation but the advertising power of IBM overruled those systems.
Were there any of them that weren't even more expensive? When the actual PC came out, all the ones I'm familiar with cost even more than the 5150.
So I still hold my opinion here that it wasn't technically any really good machine, it was just about as good as the VW bug in the world of cars
That's a great comparison, except that the VW bug required a lot of maintenance, whereas IBM PCs
Re:Is there a statute of limitations on copying UI (Score:4, Insightful)
The situation is not even an analogue. The PC clones did a clean room implementation of BIOS; that was pretty much the only proprietary thing about the PC that mattered to software running on it anyway. A work-a-like was created not copied and with great care to not use any IBM IP.
Apple isn't Oracle here saying "our interfaces are copyright"; they're saying you can't literally take our entire operating system, ignore our software license and run it on your hardware! They have never tried to sue GNUStep out of existence for example for implementing OpenStep/Cocoa. I bet Apple would be happy to leave you alone if you sold something you called a "Hackintosh" running a Linux/X/GnuStep software stack too, but they'd rightly come after you if you started shipping boxes out with OSX preinstalled!
Let's be honest about Corellium too. People are NOT using it to find security vulnerabilities in iOS for the most part. Maybe a few are but their real customer base is application testing companies looking for issues in iOS applications. Corellium is stupid expensive! The market exists because Apple makes it pretty hard to do 3rd-party run-time testing of applications on the iOS devices most people have. You have to keep a bunch of devices around with older iOS versions installed that have working jailbreaks. Unless you have the source and can do your own build. Which is fine if the application uses native objc or swift SDKs; you should share your source with your security audit firm and they should be reviewing your source too, not just the runtime package. However if you are using some of the cross platform tools to build your app, now there is a whole pile of other licensed software they probably need to have a working build environment and that is a problem. This forces testers into the unpack, inject library, re-sign, re-deploy loop which is both kludgey and not very reliable. It's THAT problem Corellium solves; you get a recent version of iOS running on a hypervisor with full access to memory, the ability to disable signature checks so you hook calls to the OS etc. This is great for an application audit. That also means you can test the binary that is ACTUALLY in the app-store which might be important in some cases to ensure there is no funny business.
Really what Apple needs to do is make a 'low-integrity' version of iOS that will deploy packages/run binaries that are either unsigned or have invalid signatures (due to injected libraries for testing etc) available to the general industry broadly. Make it a separate thing you have to buy and charge a few hundred bucks or something so the public does use it to run pirated apps. Lock it to specific devices - like you have to give Apple the IMEI of the phone you will use or something when you register for your download if they are so worried about it getting out. Finally cripple it a little, like blow away the file system keys on power off (or never store them) so the device comes up in the OOB state each time it's powered (actually as a tester I'd even like it to do that probably). That would really help the industry. Cost Apple virtually nothing, and knock the legs out of both the Corelliums of the world AND a lot of the interest in jailbreaking by a significant portion of the folks with the actual skills to find vulnerabilities and develop the exploits.
Re: (Score:1)
The result was a "chip" that got the "OS" working.
Re: (Score:2)
Just another hyper-mega-corp smashing apart some kids' lemonade stand.
Kids need to grab teh hammer from THE MAN and smash the big screen!
Keep smashing things and grabbing all teh coins like an adderall addicted Scot Pilgrim until everything is smashed and coins no longer mean everything!
Re: (Score:2)
Apple doesn't want you testing on older devices, or with older versions of iOS, so they don't make it easier for you. They want your app to fail on those devices, so that people buy new devices. If they wanted you testing on them, they'd make it easy.
Re: (Score:1)
Until very smart people created fully compatible computers
That the OS worked on for generations and decades
Apple said it supports "good-faith security..." (Score:3)
Translation: Let's get rid of the jailbreaking community once and for all.
Wait for the (Score:1)
Writing hypervisors seem to be problematic (Score:1)
Looks like writing hypervisors has the same problem as writing video-playing software. Video playing software isn't a complete sellable package without completing the product with Hollywood movies. Thus many authors of video-playing software have pirated copies of Hollywood movies in their product to complete the product package. Seems hypervisors are in a similar position: the hypervisor isn't a complete sellable package, without including existing and popular operating systems to th
Again with the locks and infantilizing the custome (Score:2)
You don't really own it (Score:2)
Re: (Score:2)