Corellium iOS Virtualization Tool Now Available To Individuals
While leaks of Apple's next hardware products have become more common and more easy-flowing, its software remains closely guarded secrets kept behind locked doors. This security by obscurity strategy has worked in Apple's favor in keeping some malicious actors out but has also thwarted attempts by third-party security researchers to help improve the software. At least that's the goal that Corellium has with its contested iOS virtualization tool that it is now making available even to individual customers.
Unlike some other operating systems, Apple has made it virtually impossible for iOS to run on any device other than Apple's, including using virtualization technology to run iOS on a powerful desktop computer. Virtualization, however, is seen by some security researchers, like the folks behind Corellium, as key to testing and investigating iOS' security with the goal of helping Apple improve the platform, not to weaken it.
For that purpose, Corellium developed support for virtual iOS devices to run on its CORSEC security research platform. It's also for that reason that Apple sued it on grounds of copyright infringement. Surprisingly, Apple lost that battle, though it still has a few cards to play. In the meantime, it seems that Corellium is using that victory to push forward with its new commercial offering.
Previously available only to enterprise subscribers, Corellium is now opening the doors to its virtual iOS devices to individual subscribers. The purpose remains the same but, this time, the company is probably hoping that lone white hat hackers will also be encouraged to try out their tool instead of some cracking or jailbreaking tool from the hacking community or, worse, the dark corners of the Web.
That, however, doesn't mean that just about anyone can grab the tool, not that everyone would be able to afford it. Now that it is opening the virtual iOS option to individual subscribers, Corellium is now requiring even individuals to request an account and go through their vetting process to ensure it doesn't fall into the wrong hands.