Tag Archive for: Corellium

A Leak Details Apple’s Secret Dirt on Corellium, a Trusted Security Startup


Zach Edwards, an independent privacy and security researcher, says that “sensitive technology cannot be haphazardly sold to any company, in any country in the world.”

“While Corellium is a reverse-engineering tool that doesn’t intrinsically create risks through its sale, the core purpose of the tool is to reverse malware,” Edwards says. “And if you sell the product to malware developers in countries averse to Western interests, we should assume that this tool will be used to improve malware.”

A person who tried Corellium in the past, who asked to remain anonymous because they were not allowed to speak to the press, says that “given what’s happening in the world today, you shouldn’t be dealing with Russian companies,” such as Elcomsoft. 

Elcomsoft’s CEO Katalov says that “the decision to work with a company based in Russia is a personal choice.”

“Please rest assured that we still strive to provide the best software and services, and trying to keep good relationships with our customers all over the world,” he adds. “We will just keep doing our job, making the world a safer place and battling the crime.”

Adrian Sanabria, a cybersecurity veteran, says that it’s not surprising that “groups interested in creating iOS exploits would be using a platform designed for iOS security research.” 

“For me, the core takeaway is that Apple created the need for platforms like Corellium by not providing the tools, access, and transparency the market needs and desires,” he says.

Danger Zones

Some of the organizations and companies linked to Corellium in the document come from countries seen as controversial by most people in the cybersecurity community in the West, including Alex Stamos, who acted as an expert witness for Corellium in the lawsuit against Apple.  

“I personally don’t believe it would be ethical to sell exploits to Saudi Arabia,” Stamos, the director of Stanford University’s Internet Observatory, said during testimony he provided in the lawsuit between Apple and Corellium, which is quoted in the document.  

Stamos also expressed doubts about selling products to the United Arab Emirates, whose government had a close relationship with…


Apple loses copyright battle against security start-up Corellium


Corellium, co-founded in 2017 by husband and wife Amanda Gorton and Chris Wade, was a breakthrough in security research because it gave its customers the ability to run “virtual” iPhones on desktop computers. Corellium’s software makes it unnecessary to use physical iPhones that contain specialized software to poke and prod iOS, Apple’s mobile operating system.

The judge in the case ruled that Corellium’s creation of virtual iPhones was not a copyright violation, in part because it was designed to help improve the security for all iPhone users. Corellium wasn’t creating a competing product for consumers. Rather, it was a research tool for a comparatively small number of customers.

David L. Hecht, founder of law firm Hecht Partners and co-counsel for Corellium, said in a statement: “We are very pleased with the Court’s ruling on fair use and are proud of the strength and resolve that our clients at Corellium have displayed in this important battle. The Court affirmed the strong balance that fair use provides against the reach of copyright protection into other markets, which is a huge win for the security research industry in particular.”

Apple did not immediately respond to a request for comment. In the lawsuit, Apple argued that Corellium’s products could be dangerous if they fall into the wrong hands because security flaws discovered by Corellium could be used to hack iPhones. Apple also argued that Corellium sells its product indiscriminately, a claim Corellium denied.

Judge Rodney Smith called Apple’s argument on those claims “Puzzling, if not disingenuous.” Smith found that Corellium used a vetting process before selling its products to customers.

Apple initially attempted to acquire Corellium in 2018, according to court records. When the acquisition talks stalled, Apple sued Corellium last year, claiming its virtual iPhones, which contain only the bare-bones functions necessary for security research, constitute a violation of copyright law. Apple also alleged Corellium circumvented Apple’s security measures to create the software, thereby violating the Digital Millennium Copyright Act. That claim has not been thrown out.

“Weighing all the necessary…
