
Apple is suing iOS virtualization vendor Corellium for violating DMCA - kwiens
https://www.ifixit.com/News/apple-is-bullying-a-security-company-with-a-dangerous-dmca-lawsuit
======
lostgame
Well, no, shit - Corellium, from what I can tell from other articles I’ve had
to read, (their website is a virtual drought of information about the product)
seems to have literally built its own virtualization platform to emulate
specific iOS devices - and is likely literally just throwing IPSW files (the
actual iOS releases from Apple themselves) onto this emulator and selling it
as a service.

As much as I believe in the open and free exchange of ideas I can’t actually
agree with iFixit here.

The excuse of it being sold as a ‘security product’ contradicts the only
statement on their website - that its a tool for development.

John Deere locking farmers out of repairing their own hardware? Awful, shitty
behaviour.

But this is literally stealing Apple’s OS, shoving it in an emulator and
charging people for it.

This article also makes the fallacious argument that Apple ‘gives away’ iOS
with the purchase of an iPhone or iPad. That’s silly - the cost of the OS is
built into the purchase price.

The R&D and development time and money that goes into iOS or MacOS is part of
what we are paying for when we purchase a device from Apple.

When we purchase a computer from Dell with Windows 10, the cost of the OS is
bundled with the purchase - but Microsoft still gets paid from that - unless,
of course we might order the specific subset of Dell computers with Linux on
them.

I expect better from iFixit. This article reads like a sob story from the CEO
of the company. You stole their software. What did you expect?

How is this any different from a company that would sell you a preconfigured
hackintosh? Or selling a DVD player with an unlicensed movie on it? :/

We can bitch about iOS and MacOS being closed platforms all we want - but for
myself and many others the hardware/software package-as-a-unit is actually a
huge part of the point.

~~~
ProAm
It's amazing how people on HN can support companies like AirBNB, Uber, Lyft
who flagrantly break laws to bring a new product to market that is arguable
better than the old way of doing things, and then at the same time not support
a company like Corellium for doing the same thing because it's Apple.

This is clearly a sorely needed product, Apple even agrees because they tried
to BUY the company and when they said no they want to take their ball and go
home.

~~~
dgzl
>because it's Apple.

I think you're being assuming here.

~~~
jshevek
The pattern is evident, and it becomes more clear if you look at individuals'
comment histories.

~~~
ryanlol
If you’re going to do this please make specific allegations instead of posting
this pathetic nonsense.

Or email hn@ycombinator.com like the guidelines tell you to.

------
Lammy
It sounds like Apple are going to release their own iOS device cloud
virtualization product at WWDC in exactly six months, so their lawyers are
turning up the heat now on their lawsuit from last August that they assumed
would be settled—in their favor—by now.

~~~
saagarjha
Apple started a “research device” program shortly before filing this lawsuit.

~~~
tyingq
Apparently, Apple also tried to buy Correlium shortly before this lawsuit.
[https://twitter.com/mdowd/status/1193299900408090624](https://twitter.com/mdowd/status/1193299900408090624)

------
zamadatix
Articles that spend more time telling you how to feel about things instead of
reporting on them should not be categorized as news.

------
tedivm
Honestly if I was a security vendor who found a major vulnerability in IOS
this type of behavior by Apple would make me far more likely to simply release
it rather than work with them to get it resolved.

~~~
FDSGSG
I don't think anyone at Apple would be all that upset over that. A publicly
released exploit is better than one privately sold to intelligence agencies.
It's specifically the latter market that Corellium seeks to serve.

~~~
saagarjha
> It's specifically the latter market that Corellium seeks to serve.

Hence why Corellium often provides members of the security and jailbreak
community with access to their services.

~~~
vineyardmike
Lots of companies give lots of things to "the community" for goodwill, but
that doesn't mean they don't also sell to governments. Amazon gives AWS away
to anyone, but ALSO tried to get the JEDI contract. One doesn't negate the
other.

~~~
saagarjha
This is starting to veer off track, but I am not overly sympathetic to “but
your tool is used by bad people” arguments in cases where there are
reasonable, general uses for the tool. Nobody goes after McDonalds because
murderers eat there, too.

~~~
ryanlol
Ah yeah, McDonalds is _totally_ a reasonable comparison!

Corellium doesn’t charge a few “nice” researchers, but builds their business
around the evil researchers willing to pay $1M/yr for a license. Clearly
they’re exactly like McDonalds!

~~~
willstrafach
That's not the real licensing cost at all. The cloud and on-premise options
are both available for substantially less.

~~~
ryanlol
The licensing costs seem to depend on who’s asking. I have no doubt that they
might have offered you substantially better rates than that.

People keep making very confident but incorrect statements regarding prices
offered by Corellium because they assume everyone gets quoted the same, see
this twitter thread for another example
[https://twitter.com/therealdaneel/status/1193122030687797248](https://twitter.com/therealdaneel/status/1193122030687797248)

------
FDSGSG
>So useful, in fact, that Apple tried to buy the company

It's not like Apple can't virtualize iOS.

Beyond that, I feel like this article could've done a much better job
representing Apples claims. The author attempts to paint Corellium as the good
guys while completely ignoring that they primarily sell to the likes of
Azimuth.

Maybe DMCA is bad and Apple is evil, but that doesn't make Corellium the good
guys.

~~~
lostgame
>> Maybe DMCA is bad and Apple is evil, but that doesn't make Corellium the
good guys.

Not only is this my favourite point in all the comments I’ve read - but I feel
like this one sentence says, in one sentence - what it took me like a page and
a half to convey. :P

~~~
kwiens
Author here. I don't see how providing a platform to speed up security
research is a bad thing.

That said, I don't have a huge problem with Apple's 'they copied our bits'
complaint. That's true.

The problem is that Apple is weaponizing 1201 in a way that would be very
damaging if applied in other contexts.

~~~
saagarjha
But Corellium _isn’t_ copying their bits; users provide their own iOS files.

