Apple accused of using copyright law to harm security industry

Security researchers are surprised by Apple's move.


Back in August, Apple filed a lawsuit against Corellium, a virtualization company that allows developers and researchers to use virtualized instances of iOS in a web browser. Apple accused Corellium of copyright infringement for illegally replicating the iOS operating system and its applications.

>Read the Lawsuit<

“Corellium serves up what it touts as a perfect digital facsimile of a broad range of Apple's market-leading devices–recreating with fastidious attention to detail not just the way the operating system and applications appear visually to bona fide purchasers, but also the underlying computer code. Corellium does so with no license or permission from Apple” reads the lawsuit.

Corellium uses virtualization to help researchers identify security risks in software.

On October 29, Corellium responded saying that their use of Apple's code constitutes fair use and in fact supports the iOS ecosystem by making it easier for researchers to identify vulnerabilities. They also claimed that Apple owes them $300,000 for identified security bugs.

Daniel Cuthbert, head of cybersecurity research at Santander bank, said that his team used Corellium to test the bank’s apps on different iOS versions. “The real power and strength of Corellium is that it helps people write better apps by distributing and testing them in an automated fashion that doesn't depend on physical devices,” Cuthbert said. “Apple is hurting the business world more than they think.”

On November 7, Corellium published a statement addressing the lawsuit. “This comes as a surprise to our team, given our long-standing relationship with Apple. Apple has been aware of our ground-breaking technology since the company was founded, and at any point in the past two years, Apple could have notified us of their concerns. We think Apple’s lawsuit is driven by its own business interests rather than a genuine belief that we violated any of its rights,” reads the statement.

Critics argue that Apple is shutting down independent security research for profit motives. iOS developer Jamie Bishop tweeted yesterday about Apple's latest filing, arguing that it sets a dangerous precedent: “It effectively will set a precedent which makes unsanctioned research of Apple products ILLEGAL. This “security focused” company is sending a clear message here: look into our shit and we will ruin your life.”


Carl Sinclair

Carl Sinclair is a technology reporter covering anti-competetive practices and privacy issues for Reclaim The Net. [email protected]