Corellium Launching New Initiative to Hold Apple Accountable Over CSAM Detection Security and Privacy Claims

Security research firm Corellium this week announced it is launching a new initiative that will "support independent public research into the security and privacy of mobile applications," and one of the initiative's first projects will be Apple's recently announced CSAM detection plans.

Since its announcement earlier this month, Apple's plan to scan iPhone users' photo libraries for CSAM, or child sexual abuse material, has received considerable backlash and criticism. The majority of concerns revolve around how the technology used to detect CSAM could be used to scan for other types of photos in a user's library, possibly at the request of an oppressive government.

Apple will check for CSAM photos in a user's photo library by comparing the hashes of a user's pictures to a database of known CSAM images. The company has firmly pushed back against the idea that it will allow governments to add images to or remove images from that database, refuting the possibility that content other than CSAM may get flagged if found in a user's iCloud Photo Library.

In an interview with The Wall Street Journal, Apple's senior vice president of software engineering, Craig Federighi, said that the on-device nature of Apple's CSAM detection method, compared to others such as Google who complete the process in the cloud, allows security researchers to validate the company's claim that the database of CSAM images is not wrongly altered.

"Security researchers are constantly able to introspect what's happening in Apple's software, so if any changes were made that were to expand the scope of this in some way—in a way that we had committed to not doing—there's verifiability, they can spot that that's happening."

Corellium's new initiative, called the "Corellium Open Security Initiative," aims to put Federighi's claim to the test. As part of the initiative, Corellium will award security researchers a $5,000 grant and free access to the Corellium platform for an entire year to allow for research.

Corellium believes that this new initiative will allow security researchers, hobbyists, and others to validate Apple's claims over its CSAM detection method. The security research firm, which just recently settled its long-lasting dispute with Apple, says it applauds Apple's "commitment to holding itself accountable by third-party researchers."

"We hope that other mobile software vendors will follow Apple's example in promoting independent verification of security and privacy claims. To encourage this important research, for this initial pilot of our Security Initiative, we will be accepting proposals for research projects designed to validate any security and privacy claims for any mobile software vendor, whether in the operating system or third-party applications."

Security researchers and others interested in being part of the initiative have until October 15, 2021, to apply. More details can be found on Corellium's website.

Top Rated Comments

adib
15 months ago
For the first few months of iOS 15, I'm confident that the database just contains CSAM image fingerprints. However as time passes (and as Corellium's interest wanes), other authorities will push their agenda and force Apple's compliance to include "extra hashes" that are not part of CSAM....
Score: 31 Votes
femike
15 months ago
Sadly as expected, users will just roll over and accept it no matter what Apple is found doing. The Public have short memories. This does not make it any less wrong. It is still an appalling decision which should be rescinded.
Score: 24 Votes
brucewayne
15 months ago
The reason why Apple has been able to stave off warrant requests in the past is by claiming 'they don't have the key'

The current administration (as well as governments around the world) have been pushing for the ability to access your messages. CSAM gives Apple a chance to 'create' their own backdoor under noble pretenses (who is going to argue against stopping child abuse?) and creating an opening for the governments to eventually exploit. It won't matter what Corellium finds now.

And when it happens, Tim Cook will get up on stage and in his soothing southern drawl claim to be the good guy as they had the best of intentions. They won't even lose any customers over it because most people are oblivious to privacy (Amazon has sold 100 million Alexa powered products), and the people that do care will have nowhere to go after the precedent is set and Google / Amazon / Microsoft have joined in.
Score: 23 Votes
Substance90
15 months ago
The fact that the analysis is done on device is even worse. That means that your privacy is invaded even with all network connection turned off.

EDIT: Let me elaborate for the down voters - if the photos are scanned only if uploaded to some cloud, you don't even have to cut your network connection. You just keep your photos on your device and you're safe. If the scanning is done on device that means that your privacy is not guaranteed no matter if you keep your photos offline or if you even cut your network connection.
Score: 12 Votes
brucewayne
15 months ago

So you don't think the below applies in this case?

https://yourlogicalfallacyis.com/slippery-slope

I guess we'll have to wait and see and hopefully Apple will be open with what they add to that hash list. If it can also be monitored by external initiatives such as Corellium I think that's good.
I think we have 20 years of increasing government intrusion to conclude that if A happens Z won't be far behind.

Liberty once lost is lost forever.
Score: 12 Votes
bobcomer
15 months ago

Likely 18 U.S. Code § 2258 ('https://www.law.cornell.edu/uscode/text/18/2258') - Failure to report child abuse and related laws:
* 18 U.S. Code § 2258A ('https://www.law.cornell.edu/uscode/text/18/2258A') - Reporting requirements of providers
* 18 U.S. Code § 2258B ('https://www.law.cornell.edu/uscode/text/18/2258B') - Limited liability for providers or domain name registrars
* 18 U.S. Code § 2258C ('https://www.law.cornell.edu/uscode/text/18/2258C')
* 18 U.S. Code § 2258D ('https://www.law.cornell.edu/uscode/text/18/2258D') - Limited liability for NCMEC
* 18 U.S. Code § 2258E ('https://www.law.cornell.edu/uscode/text/18/2258E') - Definitions
None of those require on device scanning.
Score: 11 Votes
