Apple filed a lawsuit against virtualization software company Corellium in August last year, arguing that the product infringes its copyright.
It subsequently added allegations that the Corellium product was in violation of the DMCA.
A Florida judge has dismissed Apple’s copyright claims because DMCA claims still need to be settled in court.
So what is Curelium? Corellium allows security researchers to rotate a virtual ARM device (including iOS devices) in a browser and take a deep look under the hood to discover potential security bugs.
For example, Corellium can allow a security researcher to quickly launch a simulated iPhone and search for potential bugs. If one of them is detected, they can quickly download previous versions of iOS to see how long this error has been. If there is an error “bricks” the default iOS device and renders it unusable.
It is just a matter of starting a new device rather than getting a whole new phone. Virtual devices can be paused, giving researchers a detailed look at their exact state at any given moment.
After reviewing the evidence, the court found no shortage of goodwill and fair dealing. Moreover, in evaluating all necessary factors, the court found that Curelium had fulfilled the burden of establishing fair use. Hence, its use of iOS in relation to the Corellium product is permitted. It is on these grounds that Corellium’s Motion for Summary Judgment is granted based on Apple’s copyright claim.
Smith cites Corelium’s ability to do things like:
- See ongoing processes and stop them.
- Kernel modification.
- Using CoreTrace, a tool to view system calls.
- Use app browser and file browser.
- Taking live snapshots as “proof that the product” is not just a recompiled version of iOS “and should be considered fair use.
Smith also notes repeatedly that this legal action comes after Apple considers the acquisition of Corellium.
The two parties were engaged in discussions about Apple’s potential acquisition of Corellium between January 2018 and summer 2018.
During this time, the two met in person and by phone. Corellium explained to Apple the technology behind the Corellium product and how it works and discussed the Corellium business and intent to market the Corellium product.
In a possible context, if Apple acquired a Corellium product, the product would be used internally for testing and validation (that is, to check for any vulnerabilities in the system and hardware operation).
While this decision eliminates copyright claims (excluding potential appeals), there was no expeditious ruling on DMCA claims.
Apple argues that Corellium is working around built-in authentication and security checks, while Corellium argues that such things are implemented at the hardware level and that the firmware they handle is “iOS IPSW files” being left unencrypted, unprotected, unsecured, and out for distribution. The performance, presentation, and public access, copying and modification thereof.