Apple Leak Shows Corellium’s Questionable Dealings

A 507-page leaked document from an Apple lawsuit against Corellium alleges the cybersecurity firm of copyright infringement and intentionally compromising user data with an iOS tool. The document claims the firm sold the software to spyware and malware distributors, including the NSO Group—creators of the infamous Pegasus spyware—DarkMatter, Paragon, and Pwnzen Infotech.   

Failing to prove the copyright infringement claims against Corellium, which were based on the Digital Millenium Copyright Act, Apple settled out of court in 2020. However, the settlement terms remain confidential. 

Corellium is a cybersecurity firm specializing in creating iOS and Android virtualized systems. These systems help researchers conduct security testing on devices, like iPhones, without actually buying them. 

But, in 2019, when it created and sold duplicate iOS systems, Apple sued the firm for copyright infringement. Confident in the security of its operating system, Apple had offered a $1 million bug bounty to anyone who could find gaps in it. 

According to the leaked document, Correlium’s virtualization technology went beyond security testing, and violated users’ privacy. An excerpt from the document alleges:

“Although Corellium paints itself as providing a research tool for those trying to discover security vulnerabilities and other flaws in Apple’s software, Corellium’s true goal is profiting off its blatant infringement…Far from assisting in fixing vulnerabilities, Corellium encourages its users to sell any discovered information on the open market to the highest bidder.”

Direct Emails to Banned Surveillance Firms

Basing its lawsuit on copyright infringement claims, Apple asserted Corellium had no license to duplicate the iOS infrastructure and to virtualize it for its customers. It requested the court to stop Corellium from selling and marketing Apple’s software. However, copyright infringement isn’t the only claim…