Would you dare to use a Nokia phone with iOS built in? Presumably most people's answer is no, not because Siri would mock itself for being old-fashioned, but because such an Apple operating system should not exist... except, of course, through jailbreaks. On November 29th, researchers revealed an open-source emulator that can run multiple versions of Apple's mobile operating system, to be presented at next week's Black Hat Europe conference.
While this is not quite iOS on a Nokia phone, it does reproduce the iOS kernel running inside a QEMU virtual machine.
An iOS emulator based on QEMU virtual machines
There are many scenarios in which a virtual machine is needed. For example, someone interested in writing an operating system often needs a virtual machine to run and debug the system they are writing, and someone studying network architecture needs to virtualize many systems on one computer to form a variety of networks.
Jonathan Afek, head of simulation projects and security, said the software was built by the HCL AppScan dynamic testing research security team on top of the open-source emulator QEMU, giving security researchers easier access to, and control over, iOS. This is an advantage when searching for vulnerabilities and system weaknesses.
Like most jailbreak software, the emulator works thanks to vulnerabilities in Apple's mobile system, and Afek plans to show at the conference how it can be used to set up searches for flaws.
He said Apple's iPhone is fairly secure, but every platform has vulnerabilities, including Apple's. To reduce security risks, Apple has allowed security researchers to investigate vulnerabilities before they are discovered by others, making the iPhone safer.
Having used Apple's vulnerabilities to build the emulator, the team hopes security researchers can use it for security testing. For example, they can monitor the processor's state in real time on a virtual machine, or simulate some threats for sample analysis.
Apple disagrees with Afek: the project is the latest attempt to give interested researchers a platform, and reverse engineers can also use that platform to find vulnerabilities and focus on building jailbreak software.
As with most aspects of its iOS ecosystem, Apple has always kept a tight grip on who can run its operating system and how it works. Apple considers any unauthorized use of the iOS operating system to be an infringement of its intellectual property rights.
Apple then sued Corellium, a mobile device virtualization company, for offering a product that replicated a platform similar to the one Apple had developed (although that platform is much more mature than Afek's open-source version).
Apple said in the lawsuit that while Corellium presents itself as providing research tools for those trying to uncover security vulnerabilities and other flaws in Apple's software, its real purpose is to profit from blatant infringement.
According to Apple, the emulator's capabilities go far beyond helping to fix vulnerabilities: it is offered as a full commercial service and encourages its users to sell the information they find to the highest bidder.
In January last year, Corellium offered security researchers the same type of tool, allowing vulnerability hunters to emulate iPhones running any version of the operating system. The company believes that letting researchers work on emulated iOS benefits the entire user community.
This latest version of the emulator is said to be closer to the original in how the iOS system operates, and has many new features for vulnerability development built in.
Response: just tools for convenient work
In response to Apple's anger, Corellium CEO Amanda Gorton wrote in a statement that Corellium was set up to equip the mobile community with the scalable, efficient, and innovative tools it needs to move the mobile ecosystem forward.
By combining the fidelity of the native architecture with the benefits of virtual resources, its pioneering platform enables security experts, software developers, and mobile testers to perform testing, training, or security research better than ever before.
Apple's growing emphasis on the security of its devices has prompted it to raise the payouts of its bug bounty program.
According to the company's iOS security white paper, by May 2019 a $200,000 reward was offered for finding a vulnerability that allows programs to bypass the secure boot firmware.
Amanda Gorton, for her part, thinks the emulator could inspire security researchers to discover more vulnerabilities, a way of strengthening system security that differs from the various bounty programs.
Currently, this iOS emulator is still under development. Its authors say the platform cannot yet run the latest version of iOS or emulate the latest hardware. Afek says it is at an early stage and can only run iOS 12.1 on the iPhone 6, but the team is working on other features and on support for newer iOS versions.