The lawsuit that Apple has filed against software virtualization company Corellium has intensified: Corellium’s CEO says a recent DMCA filing from Apple claims that Corellium is “engaging in trafficking” and that Apple is trying to set a precedent to “eliminate public jailbreaks.” Corellium CEO Amanda Gorton has penned an open letter expressing her belief that “Apple’s latest filing against Corellium should give all security researchers, app developers, and jailbreakers reason to be concerned.”
Apple filed the lawsuit back in August with the claim that:
Corellium explicitly markets its product as one that allows the creation of “virtual” Apple devices. For a million dollars a year, Corellium will even deliver a “private” installation of its product to any buyer. There is no basis for Corellium to be selling a product that allows the creation of avowedly perfect replicas of Apple’s devices to anyone willing to pay.
At the time, we also noted that “Apple also takes issue with Corellium’s spin that its iOS suite allows researchers to better discover vulnerabilities,” with the objective of winning an injunction against Corellium sales.
For Corellium’s part, Gorton published an open letter of concern about what the latest filing could mean.
Apple’s latest filing against Corellium should give all security researchers, app developers, and jailbreakers reason to be concerned. The filing asserts that because Corellium “allows users to jailbreak” and “gave one or more Persons access… to develop software that can be used to jailbreak,” Corellium is “engaging in trafficking” in violation of the DMCA. In other words, Apple is asserting that anyone who provides a tool that allows other people to jailbreak, and anyone who assists in creating such a tool, is violating the DMCA. Apple underscores this position by calling the unc0ver jailbreak tool “unlawful” and stating that it is “designed to circumvent [the] same technological measures” as Corellium.
Apple is using this case as a trial balloon in a new angle to crack down on jailbreaking. Apple has made it clear that it does not intend to limit this attack to Corellium: it is seeking to set a precedent to eliminate public jailbreaks.
We are deeply disappointed by Apple’s persistent demonization of jailbreaking. Across the industry, developers and researchers rely on jailbreaks to test the security of both their own apps and third-party apps – testing which cannot be done without a jailbroken device. For example, a recent analysis of the ToTok app revealed that an Apple-approved chat app was being used as a spying tool by the government of the United Arab Emirates, and according to the researchers behind this analysis, this work would not have been possible without a jailbreak.
You can read the full open letter here.
Since August, some significant jailbreak developments have happened:
- New ‘unpatchable’ iOS exploit could lead to permanent jailbreak for iPhone 4s to iPhone X
- Developer shows a jailbroken iPhone X on iOS 13.1.1 achieved by a new exploit
- Checkra1n is the first public jailbreak tool compatible with iOS 13
Meanwhile, Apple has officially opened up its bug bounty program, which also includes bigger payouts and its new iOS Security Research Device program. From our previous reporting:
Apple says it is an “unprecedented, Apple-supported iOS security research platform” that features “ssh, a root shell, and advanced debug capabilities.”