Corellium yesterday responded to a lawsuit by Apple, claiming in a blog post that Apple is trying to crack down on the jailbreaking community. Corellium offers a mobile device virtualization product that emulates iOS in the browser.
Apple sued Corellium for replicating iOS, and earlier this month amended its suit to argue that the software enables people to jailbreak iOS in violation of the Digital Millennium Copyright Act (DMCA). Corellium argues that jailbreaking is legal and an effective way to identify vulnerabilities in iOS.
"Apple's latest filing against Corellium should give all security researchers, app developers, and jailbreakers reason to be concerned," reads the post.
What Corellium does — In essence, Corellium offers a virtual version of iOS that can be used to identify security vulnerabilities in the operating system. The software displays the chain of execution in iOS so developers and researchers can identify exactly where problems are occurring that could be exploited. Apple already has an approved program for identifying exploits, but it’s invite-only and limited to security researchers with a track record of high-quality research.
The perfect solution — If Apple really doesn’t want people using a rogue emulation of iOS to identify exploits, there’s a simple way to solve this: acquire Corellium. The two companies were apparently friendly until Apple opened up its Security Bounty Program and began offering special iPhones to researchers. Emulations would be a cheaper solution for interested researchers.
Operating systems are never going to be 100 percent free of security vulnerabilities, and shutting down Corellium isn’t going to stop jailbreaks. As Corellium notes, the very act of jailbreaking itself reveals exploits for Apple to patch: "The developer behind the unc0ver jailbreak was acknowledged and credited by Apple for assisting with a security vulnerability in the iOS kernel - a vulnerability he discovered while using Corellium."
By making it difficult to look under the hood of iOS, Apple is practicing security through obscurity and only helping bad actors — like intelligence agencies — keep exploits to themselves.