1. Is Apple scared that backdoors will be found in Ios? It's much easier to find them in a virtual environment.
2. As the article mentions, there may be zerodays for Ios developed by Corellium. It would be great to know the extent of this.
3. We might learn more about current phone cracking capabilites in general. That may open a few eyes, including mine.
I'm currently just very happy to have learned that people are poking at Apple's walled garden. Watching from the sidelines, I will appreciate any and all punches in this conflict. When secretive organizations battle in court, collateral exposure may happen :-)
I want to push a view and wish it was more widespread in the software world that finding zero days and not reporting them responsibly (like time to fix by the vendor before publication) is unacceptable. The second part of this view is that it is immoral to work at a company where you find zero days and exploit them. Working at the companies that find these and end up selling them to dictatorial regimes, secret police, as well as to the Harvey Weinstein's of the world is wrong. As a software engineer in a western country I'm fortunate to have some choice in my employers, as many of us do. My choices have some reflection on my character - and like everyone else, I'm hardly perfect myself.
There are legal and illegal activities, and companies hide behind "we only sell to countries where it's legal". It's still immoral and wrong, and I don't want to work with immoral developers. Doing this kind of stuff is not the ultimate scarlet letter - but if you are working this field, please consider the impact of your actions.
Backdoors in Android and iOS costs lives. There are many governments who today kidnap, torture and kill citizens and even non-citizens based on compromised phones e.g. Jamal Khashoggi.
And to have companies like Correlium enabling and profiting from this is utterly reprehensible. They aren't altruistic or making the world safer or being selective in who they sell their technology. They are simply the modern day equivalent of a shady arms dealer.
What Apple needs to do, IMO, is release their own version of this for free and set up a well-funded bug bounty program (lord knows they have the cash). When you have to buy the tool from a third-party, it seems like wealthy bad actors will be more likely to do so than people with good intents.
> Is Apple scared that vulnerabilities will be found in iOS? It's much easier to find them in a virtual environment.
And this is exactly why I really hope Apple loses—if they win, it could have a chilling effect for years to come. We want it to be as easy as possible for security researchers to find vulnerabilities so they can be fixed.
iOS is the worst offender of this because it’s so incredibly locked down. Where are those special iPhones for security researchers? Checkm8 helps, although it can’t be used to inspect devices newer than the iPhone X.
That's not harassment. It's due process.
As for Hackintoshes, that’s just because Apple doesn’t have a financial incentive to write drivers for hardware that isn’t their own; They make money from the hardware, not software (macOS is actually free and has been for a few years). You’re free to buy compatible hardware or write your own drivers. In fact, many do write drivers for incompatible hardware; That’s how the Hackintosh hardware selection grows.
It does not grant permission to install on custom hardware.
If you can show me how I can legally run a virtualized OSX build farm please please tell me how.
