Apple is doing legal battle with Corellium, a company that virtualizes iPhones. (Photo illustration ... [+]
Apple lawyers aren’t holding back in trying to learn more about Corellium, the cybersecurity startup it’s suing after the latter created tech producing “virtual” or software versions of iPhones for security and functionality testing.
In a move that’s sure to raise eyebrows, Apple has subpoenaed Santander Bank and the $50 billion-valued intelligence contractor L3Harris Technologies for information on their use of Corellium, Forbes has learned.
In both subpoenas, which are not yet publicly available, Apple demands L3Harris subsidiary Azimuth Security and Santander provide data including: all communications between the companies and Corellium, details on how they use the iPhone-virtualizing technology, all internal communications about the use of the tech, all contracts, and all information they have on the startup’s cofounder Chris Wade.
Apple goes aggressive
That Apple is attempting to force two huge companies to cough up data on their use of Corellium shows how far the iPhone maker is willing to go in fighting companies it considers a threat to its copyrighted tech.
For defense contractors, tools like Corellium can help them break Apple's security, potentially for helping intelligence agencies carry out surveillance on targets’ iPhones, but also to identify weaknesses in government-issued phones and devices.
Apple has called on L3Harris’s subsidiary Azimuth Security, which is known to look for vulnerabilities for both securing and hacking iPhones. If Apple gets what it wants, it may gain access to iPhone vulnerabilities it didn’t know about, potentially leading to patches, but also possibly upsetting intelligence operations. That’s no small issue.
And with Santander, Apple could have made an assumption that the British arm of the Spanish banking giant was a Corellium customer, despite it only having trialled the tech, according to sources with knowledge of the companies’ relationship.
Apple's legal action against Santander might have been prompted by tweets dating from August 2019 from the bank’s head of research, Dan Cuthbert, which were highly complimentary of Corellium: “Just gonna say this, @CorelliumHQ you are obviously all from other planets as there is NO WAY in hell this was made by humans. Alien tech and I for one welcome our new overlords. This is magic and truly will change stuff.”
In its subpoena Apple names Daniel Cuthbert, the U.K.-based head of cybersecurity research at Santander and a noted industry expert. Apple asks that the bank provide documents that relate to Cuthbert’s “use and assessment of the Corellium Apple Product.”
Santander said it couldn’t comment on subpoenas but confirmed it was not a Corellium client. L3Harris declined to comment.
Corellium’s lawyer: Apple is a bully
“Apple is trying to intimidate a Corellium supporter by subpoenaing his employer, Santander, even though Santander has no relationship to Corellium,” said David Hecht, Corellium’s counsel and partner at Pierce Bainbridge, who described Apple as a “bully.”
“Apple has been trying to harm Corellium’s business and reputation since its failed acquisition of Corellium in 2018 and is now issuing subpoenas to Corellium’s client, Harris. Corellium will be moving to quash both subpoenas.” Apple has admitted in court filings that it had discussions with Corellium about an acquisition throughout 2018, a year before it sued the company in August 2019.
“We will continue to expose Apple's bad faith tactics and, ultimately, prevail against it,” Hecht added.
Apple hadn’t responded to a request for comment at the time of publication.
Apple: Corellium ‘Harassed’ Craig Federighi
On the other side, Apple has claimed in letters filed with the court that its head of software development and long-time employee, Craig Federighi, has been “harassed” by Corellium’s lawyers.
Apple lawyers have argued that Federighi shouldn’t be required to give testimony as others are more knowledgeable of its dealings with Corellium, despite the software VP having met numerous times with Wade and his colleagues. They claim that Corellium’s attempts to serve legal papers on Federighi at his home amounted to harassment.
In his own words, as filed with the court, Federighi said: “On Saturday February 8, 2020, a process server was outside of my home. He came to my front door and attempted to serve a subpoena to me, but my wife turned him away.”
With lawyers accusing one another of various forms of aggression, this David v. Goliath court battle is starting to heat up.
