Corellium
  ; 2 comments Facebook Twitter Reddit
AppleInsider may earn affiliate commissions for purchases made through links on our site.
Despite vehement denials, iOS virtual tool maker Corellium allegedly sold its software to spyware and malware distributors, including the makers of the infamous Pegasus.
Corellium is known for releasing a virtualized version of iOS that allows security firms and researchers to identify bugs and weaknesses. The firm had previously attracted the attention of Apple, sparking a copyright infringement lawsuit that was settled in 2021 but was challenged by Apple shortly thereafter.
A leaked document prepared by Apple for the lawsuit that Wired saw showed that Corellium tools were not being used for good reasons. Internal messages in the 507-page volume indicate that Corellium tools have been used by organizations that are considered a privacy and security risk.
The list includes NSO Group, the infamous security firm behind the Pegasus spyware that has been used to spy on activists, journalists and other people of interest. The document mentions how in 2019 the NSO Group received a trial version of its tool.
A long document was created by Apple as part of a lawsuit to show that Corellium has a history of providing its tools to malware attackers, including regimes with a bad reputation for human rights.
“Corellium not only does not help fix vulnerabilities, but encourages its users to sell any information they discover on the open market to the highest bidder,” Apple's lawsuit against the firm says.
This goes against Corellium's constant claim to be one of the good guys, with its tools designed to detect and report software bugs.
Messages from Corellium's sales team have also bid to supply software for DarkMatter, the cybersecurity division. DarkMatter, now closed, has been linked to the UAE government, which has a history of cracking down on human rights activists and journalists.
Corellium told the publication that NSO Group and Dark Matter had access to a “time-limited/limited functionality trial” of their software, but both companies were denied the opportunity to purchase after verification.
The document also says that in 2019 the company also sold its software to Paragon, which is considered a supplier of surveillance technologies to governments around the world.
He also allegedly licensed the tools to Pwnzen Infotech, which was founded by part of the Chinese iOS and iPhone hacker group Pangu Team. In 2019, when Pwnzen was a client of Corellium tools, a Pwnzen sales representative apparently said that the company helped the Chinese government hack a man suspected of “undermining the government.”
The list also includes Elcomsoft, a Russian iPhone hacking company. While Corellium says it makes sure the companies are not affiliated with countries that are sanctioned by the US government, Elcomsoft appears to be a customer despite being headquartered in that country.
He also allegedly sold tools to Cellebrite, best known for making iPhone unlock devices. Cellebrite equipment has been purchased by many law enforcement agencies around the world, especially in the United States.
Virtually all of the firms mentioned have ties to countries that conduct extensive surveillance operations on potential government critics, including China, Saudi Arabia and Bahrain.
Corellium insists that it had “great opportunities to profit from these unscrupulous players and chose not to”, and that it limits sales of its cloud product to “less than sixty countries” and has ” black list”. “for certain organizations.
The problem with Corellium is that its tool, while intended for good purposes, has the potential to be used for criminal or underhanded purposes.
“Despite that Corellium is a reverse engineering tool that does not in itself pose a risk when sold, the main purpose of this tool is to reverse malware,” said independent privacy and security researcher Zach Edwards. “And if you sell a product to malware developers in countries hostile to Western interests, we should assume that this tool will be used to improve malware.”
