
Apple's Copyright Lawsuit Has Created a 'Chilling Effect' on Security Research (vice.com)

Last year, Apple accused a cybersecurity startup based in Florida of infringing its copyright by developing and selling software that allows customers to create virtual iPhone replicas. Critics have called Apple's lawsuit against the company, called Corellium, "dangerous" as it may shape how security researchers and software makers can tinker with Apple's products and code. From a report: The lawsuit, however, has already produced a tangible outcome: very few people, especially current and former customers and users, want to talk about Corellium, which sells the eponymous software that virtualizes iPhones and Android devices. During the lawsuit's proceedings, Apple has sought information from companies that have used the tool, which emulates iOS on a computer, allowing researchers to probe potential iPhone vulnerabilities in a forgiving and easy-to-use environment.

"Apple has created a chilling effect," a security researcher familiar with Corellium's product, who asked to remain anonymous because he wasn't allowed to talk to the press, told Motherboard. "I don't know if they intended it but when they name individuals at companies that have spoken in favor [of Corellium], I definitely believe retribution is possible," the researcher added, referring to Apple's subpoena to the Spanish finance giant Santander Bank, which named an employee who had Tweeted about Corellium. Several other cybersecurity researchers expressed fear of retribution from Apple for using Corellium.

  • by Anonymous Coward
    except of course Corellium is not a security research firm. They advertise themselves as writing and selling simulators for devices, seems a blatant case of infringement and just using Security as an excuse to justify that infringement.
    • by Anonymous Coward

      So Apple scares off all the security research. Big deal... That just means that their devices will skate by with security holes unresearched and thus, never fixed. Then some APT like China, North Korea, Iran, or Russia will find and exploit said insecure Apple devices. Eventually, Apple will then suffer reputation declines due to their insecure devices.

      If Apple wants to screw themselves over like that, let 'em.

      • by Anonymous Coward
        Apple haven't scared off security researchers at all, they have only scared them off from using the emulators supplied by this company.
      • by phayes ( 202222 )

        Those who are true security researchers are using the XCode emulator. Only pirates who want a fig-leaf to claim that they are "researchers" use stolen goods to do so. Boo Hoo, it's chilly in the waters pirates swim in.

    • Surely there is a chilling effect. On people who think they can create a business based on copyright infringement. As is intended.

      Has anyone noticed that nobody has been trying to sell PCs with MacOS installed in recent years? That's because one company tried, and it ended up in tears.
      • Has anyone noticed that nobody has been trying to sell PCs with MacOS installed in recent years?

        Apple has been selling them for years.

  • This is why it makes good sense to incorporate offshore, and host all servers offshore. It is far too easy to use a lawsuit to slap down whoever you do not like. Unless the company is in one foreign country, the front end is in another and the back-end in a third all with separate corporate veils... Suddenly the Pirate Bay business and hosting model is worth studying.
    • by postbigbang ( 761081 ) on Tuesday May 05, 2020 @06:40PM (#60026266)

      It's a great test of fair use. Who owns the binaries on your stuff? This also speaks to Right To Repair and other initiatives to permit users to hack their own stuff. Apple wants you to buy a lot of phones if you're going to brick them on the way. Or do you have the right, when you purchase something, to fix it yourself or be enslaved to a vendor's repair, supply chain for parts, and more?

      I have little doubt that iOS emulators are available elsewhere, from non-legitimate sources. Do we have to send John Deere tractors to Canada to get them fixed, absent of domestic cooperation from John Deere?

      Same question for Tesla parts, Samsung parts, etc etc. I'm very interested to see where and how the lines are drawn. Apple's billions in cash will deliver serious legal firepower and that may eventually cave the problem for them, and if so, sends an onerous message to their customers and their competition.

      • by phayes ( 202222 )

        Pfff. "eventually cave the system"?!? Anyone with more than a cursory knowledge of U.S. Copyright law and the facts of the case knows that it's an open and shut case for Apple. Corellium stole Apple's IP. The "onerous message" is that performing illegal acts is illegal. Full stop.

      • If this simulator company is selling copies of the Apple binaries, that's blatant copyright infringement and is not fair use. The only fair use argument would be if they sold a bare simulator and required you to rip the firmware from your existing device to run on the simulator.
        • I'm not so sure of that. Consider that it's a simulator. If it can't be used to dial a number, or run apps that removes revenue from Apple's gargantuan coffers, seems as though its use for research and study is fine.

          The second you port that code to a phone and start making money for someone, then yes, it's theft and copyright violation. So long as it's running as an emulation or simulation, I see fair use.

          Apple, without a doubt, owns that code and any proceeds coming from it, except fair use of that code. H

          • You can try to make a fair use claim for taking their OS and running it on a different platform for research purposes.

            You CANNOT sell someone else's OS without a license and claim it's fair use simply because the purchaser is expected to use it for research purposes. There is no fair use defence for unlicensed commercial sales.
            • I wonder how the court will see this.

              The license of the OS has no value; it's free with every phone. The combination of the phone and OS have value. In terms of copyright, the onus of fair use is applied differently, and differently by jurisdiction.

              If the code runs on an emulator, it's not the original code, as it's emulated, making considerations more complex. I believe in the principles behind Apple's copyright ownership. How they're applied in these circumstances are still open to interpretation. Someone

              • The license of the OS has no value; it's free with every phone.

                That's not how it works at all. The software is definitely valuable. That Apple chooses to licence it as part of the cost of the device without charging a separate fee is completely up to them as they own the copyright. You're not allowed to violate copyright just because there's no fee. How do you think open source licenses like the GPL work? They're enforceable even though you usually don't pay for them.

              • If the code runs on an emulator, it's not the original code, as it's emulated

                That's bogus as well. The hardware is emulated. The binaries that run on the hardware are either the original binaries from Apple or they've been modified, constituting a derivative work. In both cases that's a copyright violation if it's unlicensed.

                • It would seem that what you say is true, except fair use, as in the same rationale behind Google's use of an API that tastes a lot like Java. At what point is the line drawn, who gets to draw that line, and what of Right To Repair and the ownership that comes from the purchase of a hardware/software device from anyone at all?

                  Sonos heard the screams of customers whose devices would be bricked. People are still using Windows XP and can't get it "fixed". All these issues play into this. If a use doesn't moneti

                  • It would seem that what you say is true, except fair use, as in the same rationale behind Google's use of an API that tastes a lot like Java.

                    Not a great example of fair use. Google lost that case after appeals.

                    Can others target security investigations for users of Apple's platforms without a license or "blessing" from Apple?

                    Yes. You either test on a device, test on the XCode emulator Apple provides, or build your own emulator by extracting the code from the device (fair use). What you can't then do is then sell that extracted code to someone else for profit.

                    • The Google vs Oracle case is still on appeal, or so I thought.

                      Your second point is taken.

                      What's the difference between extracting your own code for your own emulator, and someone else doing this? Right-- for profit. I see it more as a service, but I have no horse in this race.

                    • What's the difference between extracting your own code for your own emulator, and someone else doing this? Right-- for profit. I see it more as a service, but I have no horse in this race.

                      Distribution. It's one of the big tenets of copyright. What they're doing isn't that different to selling unlicensed copies of Windows bundled with VM software.

                  • Is this method, an emulation, a method that breaches Apple's intellectual property in a way that injures Apple?

                    I forgot to comment on this part in my other reply. Yes, it absolutely does. Not only does it violate their copyright, it does so by offering a product that directly competes with one of Apple's products (XCode emulator).

      • Right to repair is an important issue. Which has absolutely nothing whatsoever to do with this. This has nothing whatsoever to do with fixing iPhones.

        This company is selling ripped-off copies of Apple's iOS, so you don't need to have a phone to run it.

        You might as well bring up the 10th amendment or promoting abortion or the second amendment - all important issues, all totally irrelevant to this case.

    • No, most countries with data centers have reciprocity agreements with the USA. You'll be offshore and the USA will come after you.

      • No, most countries with data centers have reciprocity agreements with the USA. You'll be offshore and the USA will come after you.

        Which is why you pick your countries carefully. Which is how TPB is still running.

        • Bad example that proves my point, the owners were imprisoned... and that can happen to you in the USA even if your site is somewhere else. Are you going to move to another country too?

          • The former owners were imprisoned after they sold the company. The new ones are unknown, and the website is still up.
            • The point is their country threw them in the slammer and it didn't matter where it was hosted. Also the new owners are at risk. If they live in say the USA, UK, EU, Canada, Australia, Korea, Japan... they could be imprisoned.

              • If they want you imprisoned, they will have you imprisoned. It really doesn't matter if what you do is moral or ethical or really even legal.
  • Are these guys actually distributing the copyrighted iOS binaries? Or is there some other copyright involved?

    • by Anubis IV ( 1279820 ) on Tuesday May 05, 2020 @06:57PM (#60026308)

      Apple is suggesting these guys extracted copyrighted files from iPhones (and is seeking discovery of documents that would indicate if they did so from illicitly procured prototype or dev devices), packaged them up as a simulator, and then began selling it as a commercial product to get around needing an iPhone. Interestingly, it wasn’t until their second round of remarks to the court that they started saying this is a security tool with legitimate uses that Apple is attempting to quash. Sounds like they made up that justification after the fact.

      • Interestingly, it wasn’t until their second round of remarks to the court that they started saying this is a security tool with legitimate uses that Apple is attempting to quash. Sounds like they made up that justification after the fact.

        Does it really matter whether security research was their initial goal? Their rationale for doing this doesn't change whether the security research use case is real, valid and important.

        • Does it really matter whether security research was their initial goal?

          Possibly. IANAL and I can't speak to the laws in question here, but mens rea, if at play, would suggest that a person's motivations actually do matter. If their original intent was to make a quick buck off someone else's work as evidenced by the fact that their original descriptions of the product were all for invalid purposes, they may well be on the hook for that illicit activity, regardless of their ability to invent a valid justification after the fact. But you also used the word "valid" to describe the

    • by mark-t ( 151149 )
      I think it's basically the same objection that Nintendo has about emulators.... that its existence enables piracy, and has no particular mechanisms to ensure that it is not being used for piracy. The assumption, therefore, is that any otherwise legitimate use would be so dwarfed by usage in connection with illegal practices as to render the entire project intolerable.
      • by guruevi ( 827432 )

        Not really, Apple provides an iOS simulator for people to use. If you're trying to draw parallels to Nintendo, basically they would've copied the OS from the internal memory of the latest Switch (or downloaded the updates containing as much) and are now selling the binaries including a CPU emulator as a 'security tool' to 'researchers'.

        The only people I've ever seen using Corellium was a company that offered iOS and Android devices in the cloud which I'm not even sure what the use case is for 1000's of simu

  • Security researchers have been at the front line in finding exploits that can otherwise be abused by "bad actors." Apple is tying the hands of those that are technically working to protect iOS users.
    • Do you just believe any random press release? There's a lot of security research being done.

      They just don't do it on unlicensed devices.

      And if you want simulators, it is available via Xcode. So... how is Apple scaring away security researchers? Or maybe you didn't think things through yourself?

      • Buy it from the company store or we shut you down.

        • by phayes ( 202222 )

          Buy it from the person that actually owns it. If you don't believe in that I have a number of bridges that you will certainly be interested in buying -- and for a really good price too.

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Tuesday May 05, 2020 @07:18PM (#60026360)
    Comment removed based on user account deletion
    • by guruevi ( 827432 )

      They do and it's free. Are you saying that Microsoft should provide its operating system for free because someone else does?

      • Comment removed based on user account deletion
        • Are you saying it is OK for Amazon to offer MacOS virtual systems in AWS?

          Because this is essentially what Corellium was doing.

        • Then what's the problem? If the alternative is less limited, then Apple should remove such limitations in its own product, or acknowledge the superiority of the rival product and stop hating

          What are you talking about? You are basically saying that if I give away free copies of the Harry Potter books, then JK Rowling trying to sue me should be told by the judge that she should give her books away for free as well.

          I think it's true, these 5G phone masts _do_ something to the brain.

      • Comment removed based on user account deletion
      • by Anonymous Coward

        They do and it's free. Are you saying that Microsoft should provide its operating system for free because someone else does?

        Apple does not provide licensed copies of their OS that are not bound to a piece of Apple hardware.
        Free or otherwise, you can't even purchase such a license either.

        What's funny is that Microsoft *does* offer their operating system for this purpose. Not for free, but you can purchase a license explicitly allowing you to run their OS virtualized.

        The only license Apple releases their OSes under is the equivalent to Microsoft's OEM or System Builder licenses.
        The license locks that copy of the software to a piec

  • It will only affect where security research can be done, not whether it can be done. Essentially, it means whether the average 0day will first be found in the US or in Russia, China or Generistan.

    • by phayes ( 202222 )

      Nothing is stopping true researchers wherever they may be from using the XCode OSx emulator.

      You can pretend that the kilo of cocaine you have is for personal use but no-one believes you. Other cocaine dealers will pretend to because it serves their purposes but no-one actually believes you.

  • I keep saying Fuck Apple but people keep buying their products anyway.
  • Make the project open source and have it hosted in many places and nations. Not even Apple can shut that off.
    • Make the project open source and have it hosted in many places and nations. Not even Apple can shut that off.

      First, you can only legally open source something if you have the copyright. Since you are not Apple, you can't open source any of Apple's software.

      And of course Apple can shut it off. By taking the first ten or so to court and getting damages that destroy these people's livelihood forever. I know life is fine in your mom's basement, but it's not so fine if you know you will never have money to leave.

      • by Ed_1024 ( 744566 )
        Exactly. You can't get a copy of Windows 10 and open source it. Well, you can but not legally. It is hard not to describe taking someone else's complete commercial operating system (iOS), packaging it up, then selling the result, as anything other than blatant piracy?
  • We love your love for security. But not because you say so.
    • by phayes ( 202222 )

      It's so nice you just want to steal it is not how adults who are not criminals show appreciation.
