On Tuesday Corellium announced the launch of the Corellium Open Security Initiative. It will support independent public research into the security and privacy of smartphone apps and devices.
The first proposal, Validating Vendor Claims, offers a US$5,000 award and free access to the Corellium platform for a year to validate Apple’s CSAM scanning claims.
Corellium Open Security Initiative
Corellium’s platform offers to security researchers a “jailbroken” virtual iPhone as a way for them to search for security vulnerabilities within Apple’s system.
Earlier this month, Apple announced two features coming in its Fall 2021 OS updates designed to protect children. The first involves detecting sexually explicit photos sent to kids through Messages, and moving its detection of child sexual abuse material in iCloud Photos to the device.
It sounds like Corellium is giving researchers a chance to verify Apple’s claims, such as the scanning being limited to iCloud Photos, or that it couldn’t expand the algorithm to detect other material like political images.
Corellium lists the full criteria and requirements for researchers in its blog post, such as providing regular updates about the progress of your research. People who are interested can email a proposal to [email protected] by or before 5:00pm EST October 15, 2021.
Andrew:
Professionals looking for evidence in the public space.
I like it.
A lot.
Now, all we need are those redundant monitoring and performance evaluations systems and that publicly available anomalous event reporting system, and we’ve got robust independent testing and surveillance of Apple’s claims.