Corellium launches initiative to help analyze Apple's CSAM claims

in iOS edited August 2021
Corellium, an iOS virtualization firm that was recently sued by Apple, has announced a new initiative meant to foster independent security research -- and the first project is inspired by Apple's CSAM scanning project.

Credit: Corellium
Credit: Corellium

The so-called Corellium Open Security Initiative will grant both monetary awards and access to the firm's iOS virtualization platform to qualifying submissions. As mentioned, the first phase of the initiative will be focused on validating vendor security or privacy claims. Corellium suggests that the first phase of the initiative was inspired by -- and will target -- Apple.

Apple has previously encouraged third-party researchers to corroborate its claims of privacy and security features in its CSAM scanning system. Corellium says that any single flaw in the system could subvert it as a whole, treating the privacy and security expectations of iPhone users.

"We applaud Apple's commitment to holding itself accountable by third-party researchers. We believe our platform is uniquely capable of supporting researchers in that effort," Corellium wrote, stating that its hypervisor technology doesn't rely on exploits and allows for dynamic security analysis after iOS updates are fielded.

Corellium says it hopes other companies will "follow Apple's example in promoting independent verification of security and privacy claims."

In the first art of the initiative, Corellium will award up to three submissions a $5,000 grant and free access to its iOS virtualization platform for one year. Applications for the program are open to anyone with a specific research project they want to tackle. Although having a history of security research is "helpful," Corellium says it isn't required.

The firm says it'll select applicants based on several criteria, including whether the proposal will result in improved mobile security or privacy, the technical merits of the research, and the likelihood that the project will actually be completed. The deadline for submissions is Oct. 15, 2021.

Earlier in August, Apple settled its copyright infringement lawsuit against Corellium. Although the settlement was confirmed by court records, details of the agreement were kept confidential.

Read on AppleInsider


  • Reply 1 of 7
    Excellent news. But again why wasn't Apple highlighting these kind of items right from the get go? IMHO Apple management made it a bad situation that a proper roll out could have significantly lessened. 
  • Reply 2 of 7
    Now, Corellium is kissing Apple’s ass after the settlement. I wonder what is in the settlement. 
  • Reply 3 of 7
    KTRKTR Posts: 202member
    They prolly gave apple all the intel they have on others
  • Reply 4 of 7
    Apple needs just to move this in the cloud before I will use a device running iOS 15 (downgraded from 15 beta to 14).
  • Reply 5 of 7
    xyzzy-xxx said:
    Apple needs just to move this in the cloud before I will use a device running iOS 15 (downgraded from 15 beta to 14).
    Moving it to the cloud would invade your privacy. If you use no iCloud, no scanning, if you use iCloud, and you have no CSAM pictures, nothing is uploaded to Apple … so Apple will know nothing about you, not even taking a bad with your kid … as that picture is not in the CSAM library. 
    If you move everything to the cloud, all you pictures are scanned / fingerprinted, like Microsoft, Facebook, Google, Adobe are doing, and so they offer a wealth of information to those companies, I do trust Microsoft / Adobe but Google and Facebook … so the implementation of Apple is way better. The way this was leaked and framed however is a PR disaster, and we all know, Perception is Reality …
  • Reply 6 of 7

    Who elected Apple to be a law enforcement agency for whom the fourth amendment doesn’t apply? 

  • Reply 7 of 7
    BeatsBeats Posts: 2,686member

    Who elected Apple to be a law enforcement agency for whom the fourth amendment doesn’t apply? 

    Probably lazy ass law enforcement.
Sign In or Register to comment.