How do you bounce back from being sued by the world’s most valuable company? Ask Corellium CEO Amanda Gorton. After Apple launched a suit against her startup in 2019, alleging it had breached copyright in making virtual versions of iPhones for security testers, the company had to put much of its energy and focus into fending off the tech giant’s lawyers. In December, Corellium scored a significant win as one of Apple’s claims, that it infringed iOS copyright, was rejected by a judge. The other claim—that Corellium circumvented Apple security measures in violation of the Digital Millennium Copyright Act—is still to be decided. The same month it got its victory in court, Corellium was named product of the year in the inaugural Fintech Zoom Cybersecurity Awards. “We’re in a better spot than we were a year ago,” Gorton says. “We’ve had a lot of momentum.”
Corellium is pressing onwards to build what it hopes will be a virtual paradise for researchers looking for security weaknesses in Apple iPhones or its new M1 Macs, or any other ARM-based system. The company had already created software that could quickly spin up virtual versions of iPhones, as well as some Android models, so benevolent hackers could try to find problems in the devices, without having to worry about crashes ruining their test device. And this week, Corellium is announcing it has bought Azeria Labs, run by Fintech Zoom 30 Under 30 alum Maria Markstedter, one of the world’s leading security researchers when it comes to ARM designs. Her focus has always been to train researchers in the art of ARM exploitation, finding flaws deep at the chip level, ideally so they can be disclosed to the manufacturer and fixed. Now, as chief product officer of Corellium, she’ll be bringing that training into the Corellium tool, making it that much easier to find bugs in not just Apple products, from the iPhone to the M1 Macs, but Android and Arm-based Internet of Things (IoT) devices as well.
“A huge part of our interest here is lowering the barrier to entry for people who are looking to get into the field and maybe are a little bit intimidated by either the cost of new hardware or if there’s not a device readily accessible,” Gorton told Fintech Zoom, saying she was hopeful women who were previously considering dabbling in the art of security research would be inspired to use Corellium. “There’s just such a dearth of women in the security research industry that, hopefully, making it more approachable and accessible will help even the playing field.”
The terms of the deal have not been revealed, though Markstedter said it was “more of an acquihire with an equity stake in Corellium.” She will be joined by colleague Matt Tait, a former analyst at British spy agency GCHQ, who will become Corellium chief operating officer.
Markstedter told Fintech Zoom that she was excited to help build a tool not just for security researchers but also mobile app developers. “Having an efficient platform to perform security audits without the cumbersome and expensive need for hardware and setup is needed now more than ever,” she said.
“One of my goals working with Corellium is to build a new training platform to train everyone—from the people just starting out in mobile security testing, right up to the most advanced security researchers—on how to test and security-audit mobile and other Arm-based devices for security issues, all using an environment designed to make that workflow far more efficient.”
Will the addition of more ARM exploitation expertise annoy Apple some more? Gorton says she isn’t sure if it’ll draw more attention from the iPhone maker. “What more can they really do?”
The battle with Apple still isn’t over. A jury trial awaits this May, unless the two companies can come to a settlement.