In the back Last year’s august Apple filed a lawsuit against virtualization software company Corellium, arguing that the product infringed its copyright and later added claims Corellium’s The product violates the DMCA.
While DMCA claims still have to be settled in court, a judge in Florida is ruled out Apple Copyright claim.
So what is Corellium? To simplify this, Corellium allows security researchers to spin a virtualized ARM device (including an iOS device) in a browser and pick up a browser Deep Look under the hood to discover potential security bugs. As i wrote Last year:
Corellium, for example, may allow a security researcher to fire a fake iPhone and hunt for potential bugs. If a search is made, they can quickly load earlier versions of iOS to see how long this bug is. If a bug “bricks” a virtual iOS device and makes it unusable, then it’s a matter of booting a new one instead of getting a new phone. Virtualized devices can be stopped, allowing researchers to get a detailed idea of its exact position at any time.
After reviewing the evidence, the court does not appear to lack good faith and reasonable behavior. In addition, weighing all the necessary factors, the Court found that Corollium had met its burden of establishing fair use. Thus, the use of iOS is permitted in relation to the Corellium product. On these grounds, Corollium’s Motion for Summary Judgment is allowed on Apple’s copyright claim.
Smith cites Corellium’s ability to do things such as “(1) see and stop ongoing processes; (2) modify the kernel; (3) use CoreTrace, a tool to view system calls; (4) use an app browser and a file browser; And (5) take a live snapshot “as proof that the product is” not just a revoked version of iOS “and should be fair use.
Smith also repeatedly notes that this legal action has taken place after Apple contemplated acquiring Corellium.
Between January 2018 and the summer of 2018, the parties were engaged in discussions about Apple’s possible acquisition of Corellium. During this time, the parties met in person and over the telephone. Corellium briefed Apple about the technology behind Corellium Product and how it works, and discussed Corellium’s business and Corellium Product’s intent to commercialize.
If Apple had acquired Corellium Product, the product would be used internally for testing and verification (which would be to verify the vulnerabilities of any system and the functioning of the devices).
While this decision removes copyright claims (aside appeals), there was no such quick ruling on DMCA claims. Apple argues that Corellium is working around built-in authentication and security checks, while Corellium argues that such items are implemented at the hardware level and the firmware (iOS IPSW file) they work with. They are “unencrypted, insecure, unlocked.” And reaching out to the public, copying, editing, distributing, performing, and performing. “