Corellium to offer cloud-based iOS virtualisation to individual accounts
The company, which only recently ported Ubuntu Linux to work on Apple Silicon Macs, has announced on their blog that they will now offer their virtualisation tools for iOS to individual accounts on their CORSEC platform.
Unlike Android, which has open-source code that can be reviewed by any reasonably technical user, the code for Apple’s iOS mobile operating system is not available to the public. This means that Apple tightly controls the operating system and the only one who can officially inspect the code.
While this security-by-obscurity approach certainly has its appeal, it is impractical to enforce as experts are constantly trying to reverse engineer code and figure out how Apple has put things together to find weaknesses. More often than not, these experts sell any security flaws they discover on the dark web.
Corellium has managed to stand out in that regard, providing iOS virtualisation to private parties for years. While Apple makes it very hard for a security researcher to find vulnerabilities by running iOS in a virtual machine on a non-iPhone or iPad device, Corellium has provided those tools to companies for long enough for Apple to first try to acquire them and then file a lawsuit against them, which they also lost just last month.
The company, which only recently ported Ubuntu Linux to work on Apple Silicon Macs, has announced on their blog that they will now offer their virtualisation tools for iOS to individual accounts on their CORSEC platform. Previously, only enterprise accounts could access the service, while individuals could only access virtual Android devices.
However, the company has also modified its pricing strategy, because unlike virtual Android devices which use two cores, iOS devices can require up to six cores based on which model you choose. Corellium will now charge users per CPU core used like enterprise accounts, instead of per-device.
Corellium says that it wants to limit the use of its software to prevent it from being utilised for malicious purposes, so both individuals and enterprises will have to request an account and then be subject to the company’s internal vetting and approval process. They will also need to provide a use case for the software and enter their credit card details before they can access the free evaluation version, the company said.