12-30-2020, 02:52 PM
As an avid Apple user, I thought this story was interesting when I first heard about it a couple of years ago. Corellium is an ARM virtualization company that specializes in bug bounty and virtualized developer tools for iOS and Android. Now the iOS piece of the company has been very interesting over the past couple of years, with Apple claiming that the virtualization of iOS violates United States Trademark Laws, so they were forced to take down that stem of their services. In this overview I will break down things in relation to the case and then my personal thoughts on the matter.
1. Apple's View of Security
When Apple first went after Corellium, I did not understand why, to be honest. I started off my Apple journey with an iPod Classic, then got an iPhone 3GS that I jailbroke to make compatible with T-Mobile at the time, as AT&T was the only cellular company that had the license rights to the handset. From my point of view, Apple always cherished the Jailbreak/Hackintosh community under Steve Jobs as we continued to use their technologies and showed them what could be done with them. This focus shifted as the FBI requested Apple to unlock an iPhone belonging to the individual behind the San Bernardino bombing in 2015, Apple upholding their Privacy Policy to their users and this marking a pivotal moment in the company's history to the rhetoric of "Actions speak louder than Words." We soon after started seeing companies try to use methods created by the Jailbreak community to serve law enforcement with a brute force tool that could bypass the Lock Screen of any iPhone just by plugging it into a black box. Apple stood their ground and the Supreme Court of the United States ruled in favor of Apple that a tech company, even with a warrant, does not have to disclose the information of a user or provide a backdoor into their operating system for law enforcement agencies. Flash forward to 2018, Apple files a lawsuit against Corellium for virtualizing their operating system iOS 12. Corellium quickly removed the stem from their services and the court hearings began. Apple citing "services such as this not sponsored by Apple could lead to backdoor vulnerabilities compromising the entire ecosystem for all of our customers." December 2020, the court ruled in Corellium's favor with the case currently at an impasse for Apple.
2. My view
Initially I thought Apple was just trying to control the share of the market for services such as this, simply using privacy as the vehicle for their case. Though I appreciated the notion of privacy and keeping the kernel of the operating system in a controlled environment, the kernel has realistically been exposed to the community for years just from the Jailbreak community alone. I always gravitated towards Apple due to their security and privacy policies, but in app development with Android, Google has a pretty solid grasp on security updates, especially when it comes to their Pixel/Nexus line of handsets. I feel as though Corellium won this stage of the battle, but Apple will find the source of the vulnerabilities which Corellium used to virtualize the OS in the first place, especially with the new Bug Bounty Program they established over the past year. I would love to hear everyone's views on this matter, as I am on the fence with this one. Is it more Apple control or valid security concerns?
3. What's next?
This is the part that interests and excites me, especially when it comes to Post4VPS and the VPS community. With the virtualization of iOS, does that also open up the prospect of macOS virtualization? The operating system, being a Unix-like operating system, would easily run on a KVM node, especially if we the community/developers were able to modify the kexts to be compatible with the networking adapters presented for that specific VPS and then would be able to bake in flagging to force the terminal shell instead of the GUI. What are some of your "wishlist" items that you would hope to see come out of this case?
Thanks for reading, everyone. I can't wait to hear everyone's thoughts and hopefully have some great discussions come out of this.