Corellium software virtualizes iOS and lets researchers look for vulnerabilities
Apple subpoenaed the companies to hand over all the communications between their companies and Corellium, how they used the iPhone virtualizing technology, and all contracts and information about Chris Wade, Corellium’s cofounder. Apple believes that this data will aid Apple’s claim that Corellium’s software is being used in violation of the DMCA by creating an exact clone of iOS for jailbreaking and security breaching services.
The subpoena for L3Harris targets its subsidiary Azimuth Security, which is known for seeking vulnerabilities in iPhone software in its role as a defense contractor. Acquisition of information about known iPhone vulnerabilities could not only aid Apple in the court case, but help them close up previously unknown vulnerabilities.
Forbes claims knowledge of court filings not publicly available as of yet. The publication claims that Apple targeted Santander Bank after it used the software in a trial. The nature of the trial or what a bank would need with iOS virtualization software is unknown, however.
Santander Bank went on the record in saying they are not currently a Corellium client. A Tweet from bank head of research, Dan Cuthbert, suggested they were at least in possession of it.
Just gonna say this, @CorelliumHQ you are obviously all from other planets as there is NO WAY in hell this was made by humans.
Alien tech and I for one welcome our new overlords. This is magic and truly will change stuff.
— Daniel Cuthbert (@dcuthbert) August 14, 2019
In a follow up to the tweet, Daniel Cuthbert continued to remark that Apple was making a poor move in suing Corellium. That the software provided streamlined testing by removing clunky physical devices.
This clash has no end in sight. In other court filings, it was disclosed that Apple attempted to purchase Corellium in 2018, and the offer was declined. Since then, Corellium and Apple seem to be fighting in and out of the courtroom, with Corellium’s lawyer describing Apple as a “bully.”
Corellium’s lawyer David Hecht says that “we will continue to expose Apple’s bad faith tactics and, ultimately, prevail against it.”
Following our initial publication, Hecht, the Managing Partner of Pierce, Bainbridge, Beck, Price & Hecht, reached out to AppleInsider to comment on Apple’s filings.
“Apple’s subpoenas to Santander and Harris appear to have been issued solely to harass Corellium and harm its business relationships. Apple is trying to intimidate a Corellium supporter by subpoenaing his employer, Santander, even though Santander has no relationship to Corellium,” said David Hecht to AppleInsider. “Apple has been trying to harm Corellium’s business and reputation since its failed acquisition of Corellium in 2018 and is now issuing subpoenas to Corellium’s client, Harris. Corellium will be moving to quash both subpoenas.”
Apple also stated that Corellium is harassing its own people, citing an incident with their SVP of software engineering, Craig Federighi. Forbes notes that the SVP met with Corellium cofounder Harris multiple times, yet Apple says there are others in the company more knowledgeable about their dealings with Corellium.
This case continues, amidst calls for Apple to submit to government requests to weaken security and encryption. Apple’s viewpoint is that the Corellium software is an unlawful engineering of iOS, and seeks to prevent its spread while saying that it is trying to protect not just its own intellectual property, but the core of iOS encryption as well.
Update 3:50 P.M. Eastern time: Added further comment from David Hecht.