The company that sells iOS emulation software in the web browser unexpectedly hits back, accusing Apple of owing it money

Tram Ho

In August, Apple sued Corellium for alleged copyright infringement, claiming that the startup’s iPhone emulator was illegal. Apple says the iPhone emulation software has helped technology experts sell hacking tools, built on software bugs found in the iOS operating system, to government agencies that want to target specific iPhones.

The cybersecurity community argues that Apple is trying to use copyright issues to control the security market, as well as to find ways to legitimize software vulnerabilities on its devices. The suit was filed just days after Apple announced it would provide researchers with special equipment, which had been hacked so that they could find and report bugs to the company.

“Through an invite-only research device program and this lawsuit, Apple is trying to control who is allowed to identify the vulnerabilities on the device. But if Apple finds out and knows how to solve the loopholes, does the company publish them publicly?” Corellium countered. This is also considered the common view of the security research community.

According to Corellium, its use of Apple’s code in its products is basically reasonable. Corellium also said it made the world a better place by helping security researchers examine the iPhone’s operating system, find vulnerabilities in it and help Apple fix them. Thanks to Corellium, researchers can find bugs more easily by creating virtual versions of iOS and testing them faster, as opposed to having to use actual physical devices. Corellium tried to illustrate this with “before” and “after” pictures showing how researchers felt when trying to hack the iPhone.

Artwork in Corellium’s response.

According to a report from Motherboard earlier this year, Corellium employees purchased special iPhones on the black market. These are dev-fused iPhones, containing special software that Apple employees and factory workers use for testing. The software has fewer security restrictions, giving researchers better access to parts of the operating system and the phone’s code.

Last week, Apple pressured eBay to scrap a listing of prototype iPhones, on sale for $10,000.

Corellium’s main argument rests on the assumption that Corellium customers are looking for bugs with the intention of alerting Apple to their existence. However, for now that is just an assumption.

The only Corellium customer named in the company’s response is Azimuth Security, which was acquired by a defense contractor last year. According to the report, Azimuth is one of the best companies in the world at finding bugs in iOS and developing exploits that take advantage of those bugs. And Azimuth doesn’t report those bugs to Apple. Instead, it sells hacking tools based on the bugs it finds to law enforcement and intelligence agencies in the US, UK, Canada and other countries. Many security researchers who look for vulnerabilities in iOS also often do not report bugs to Apple, because they want to keep the bugs for themselves or sell them to third parties.

When asked if they ever reported bugs in iOS to Apple when they were found using software from Corellium, Mark Dowd, Azimuth founder, replied: “No.”

Apple doesn’t seem to have a very close relationship with security researchers.

Daniel Cuthbert, cybersecurity researcher at Santander bank, said his team used Corellium to test the bank’s applications on various iPhone devices and iOS versions. He said the software proved very useful.

“The real strength of Corellium is that it helps people write better applications, by distributing and testing them automatically, not depending on physical devices,” Cuthbert said. “Apple’s ban is hurting business more than they think.”

Another important part of Corellium’s response is that Apple has known the company for years and has always been friendly with one of its founders, Chris Wade. Corellium alleges that Apple invited Wade to participate in its “bug bounty” program in 2017. Apple even invited Wade to work for the company, a year before Wade founded Corellium. Since then, according to Corellium, Wade has reported 7 iOS bugs to Apple, with a corresponding reward value of up to $300,000. However, Apple has not yet paid.

An Apple spokeswoman declined to comment on the request, referring to the company’s original filing. Wade also did not comment.

Corellium’s case may be more mysterious and complex.

However, according to some security researchers, since Apple’s bug bounty program was launched in 2016, some people have yet to be paid. Of course, others have been paid over the last few years.

Corellium suggests that it knows the real reason why Apple didn’t pay Wade. However, this reason cannot be announced at the moment, because it may cause the case to expand.

Yesterday, a report from Forbes revealed that Apple was negotiating to acquire Wade’s previous startup, a company that provides a product similar to Corellium’s. Other sources from Motherboard say that Apple also negotiated to buy Corellium itself, but those negotiations have gone nowhere.

Refer to Vice

Source: Trí Thức Trẻ