Corellium Launching New Initiative to Hold Apple Accountable Over CSAM Detection Security and Privacy Claims

by

Security research firm Corellium this week announced it is launching a new initiative that will "support independent public research into the security and privacy of mobile applications," and one of the initiative's first projects will be Apple's recently announced CSAM detection plans.

appleprivacyad
Since its announcement earlier this month, Apple's plan to scan iPhone users' photo libraries for CSAM or child sexual abuse material has received considerable backlash and criticism. The majority of concerns revolve around how the technology used to detect CSAM could be used to scan for other types of photos in a user's library, possibly at the request of an oppressive government.

Apple will check for CSAM photos on a user's photo library by comparing the hashes of a user's pictures to a database of known CSAM images. The company has firmly pushed back against the idea that it will allow governments to add or remove images to that database, refuting the possibility that embodiments other than CSAM may get flagged if found in a user's iCloud Photo Library.

In an interview with The Wall Street Journal, Apple's senior vice president of software engineering, Craig Federighi, said that the on-device nature of Apple's CSAM detection method, compared to others such as Google who complete the process in the cloud, allows security researchers to validate the company's claim that the database of CSAM images is not wrongly altered.

Security researchers are constantly able to introspect what's happening in Apple's software, so if any changes were made that were to expand the scope of this in some way—in a way that we had committed to not doing—there's verifiability, they can spot that that's happening.

Corellium's new initiative, called the "Corellium Open Security Initiative," aims to put Federighi's claim to the test. As part of the initiative, Corellium will award security researchers a $5,000 grant and free access to the Corellium platform for an entire year to allow for research.

Corellium believes that this new initiative will allow security researchers, hobbyists, and others to validate Apple's claims over its CSAM detection method. The security research firm, which just recently settled its long-lasting dispute with Apple, says it applauds Apple's "commitment to holding itself accountable by third-party researchers."

We hope that other mobile software vendors will follow Apple's example in promoting independent verification of security and privacy claims. To encourage this important research, for this initial pilot of our Security Initiative, we will be accepting proposals for research projects designed to validate any security and privacy claims for any mobile software vendor, whether in the operating system or third-party applications.

Security researchers and others interested in being part of the initiative have until October 15, 2021, to apply. More details can be found on Corellium's website.

Tag: Apple Child Safety Features

Popular Stories

apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Coming to These U.S. States Next

Tuesday December 24, 2024 10:49 am PST by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Below, we outline which U.S. states and territories offer the feature, and additional states that have committed to rolling it out in...
Read Full Article
AirTag and Lavender iPhone

AirTag 2 Launching Next Year With These New Features

Tuesday December 24, 2024 8:35 am PST by
Apple is expected to release an AirTag 2 next year, and a few new features and changes have already been rumored for the item tracker. Below, we recap what to expect from the AirTag 2: The new AirTag is expected to be equipped with Apple's second-generation Ultra Wideband chip for longer range. The chip debuted last year in the iPhone 15 and the Apple Watch Ultra 2, and Apple said it...
Read Full Article24 comments
Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Be Compatible With These iPhones

Sunday December 22, 2024 8:09 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cites a source within Apple. The report said that iOS 19 will be compatible with any iPhone that is capable of running iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro ...
Read Full Article131 comments
New Things Your iPhone Can Do in iOS 18

22 New Things Your iPhone Can Do in iOS 18.2

Monday December 23, 2024 6:30 am PST by
Apple released iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. Apple has added a handful of new non-AI related feature controls as...
Read Full Article28 comments
iPhone 16 Apple Store

iPhone Sizes Change Next Year: What to Know

Monday December 23, 2024 7:40 am PST by
This year, Apple tweaked iPhone 16 Pro screen sizes to make them bigger than 2023's iPhone 15 Pro models, and next year we are also expecting a change in the size of the displays in the iPhone 17 lineup. Here's what we know. Standard iPhone 17 Apple could introduce a new display size for the standard iPhone 17 model in 2025. The iPhone 17 could measure in at 6.3 inches, up from 6.1 inches,...
Read Full Article94 comments
apple silicon mac lineup 2024 feature purple m5

Macs With M5 Chips Expected to Launch in This Order

Monday December 23, 2024 8:27 am PST by
Apple supply chain analyst Ming-Chi Kuo today outlined mass production timing for the M5 series of chips, which he expects to be used in both future Macs and Apple Intelligence servers. The rollout will likely begin next year. Kuo expects the standard M5 chip to enter mass production in the first half of 2025, followed by the M5 Pro and M5 Max chips in the second half of the year. Then, he...
Read Full Article105 comments
m3 macbook air blue

Apple Accidentally Leaked the Next MacBook Air

Sunday December 22, 2024 8:33 am PST by
Apple earlier this month released macOS 15.2, and in doing so it accidentally confirmed new MacBook Air models coming next year. Apple accidentally released macOS 15.2 restore files for unreleased "‌MacBook Air‌ (13-inch, M4, 2025)" and "‌MacBook Air‌ (15-inch, M4, 2025)" models. While it no surprise that the 13-inch and 15-inch MacBook Air models were going to be updated with the M4 ...
Read Full Article
applegoogle

Apple Explains Why It Doesn't Plan to Create a Search Engine

Tuesday December 24, 2024 11:50 am PST by
Apple's senior vice president of services Eddy Cue has explained why the iPhone maker does not plan to create a search engine like Google. In a declaration filed with a U.S. federal court in Washington, D.C. last week, Cue said Apple is against the idea for the following reasons: The development of a search engine would cost Apple "billions of dollars" and "take many years," and this...
Read Full Article182 comments
Generic iOS 18 Feature Real Mock

iOS 18.2.1 for iPhone Now Confirmed as iOS 18.3 Beta Testing Continues

Tuesday December 24, 2024 1:38 pm PST by
Following our report that Apple is internally testing iOS 18.2.1 for the iPhone, an anonymous social media account with a proven track record of sharing iOS-related information has revealed the upcoming software update's build number: 22C161. With the build number now known, the update is now confirmed. When the anonymous account shares a build number for an upcoming iOS version, the...
Read Full Article50 comments

Top Rated Comments

adib Avatar
adib
44 months ago
For the first few months of iOS 15, I'm confident that the database just contains CSAM image fingerprints. However as time passes (and as Corellium's interest wanes), other authorities will push their agenda and force Apple's compliance to include "extra hashes" that are not part of CSAM....
Score: 31 Votes (Like | Disagree)
femike Avatar
femike
44 months ago
Sadly as expected, users will just roll over and accept it no matter what Apple is found doing. The Public have short memories. This does not make it any less wrong. It is still an appalling decision which should be rescinded.
Score: 24 Votes (Like | Disagree)
brucewayne Avatar
brucewayne
44 months ago
The reason why Apple has been able to stave off warrant requests in the past is by claiming 'they don't have the key'

The current administration (as well as governments around the world) have been pushing for the ability to access your messages. CSAM gives Apple a chance to 'create' their own backdoor under noble pretenses (who is going to argue against stopping child abuse?) and creating an opening for the governments to eventually exploit. It won't matter what Corellium finds now.

And when it happens, Tim Cook will get up on stage and in his soothing southern drawl claim to be the good guy as they had the best of intentions. They won't even lose any customers over because most people are oblivious to privacy (Amazon has sold 100 million Alexa powered products), and the people that do care will have nowhere to go after the precedent is set and Google / Amazon / Microsoft have joined in.
Score: 23 Votes (Like | Disagree)
Substance90 Avatar
Substance90
44 months ago
The fact that the analysis is done on device is even worse. That means that your privacy is invaded even with all network connection turned off.

EDIT: Let me elaborate for the down voters - if the photos are scanned only if uploaded to some cloud, you don't even have to cut your network connection. You just keep your photos on your device and you're safe. If the scanning is done on device that means that your privacy is not guaranteed no matter if you keep your photos offline or if you even cut your network connection.
Score: 12 Votes (Like | Disagree)
brucewayne Avatar
brucewayne
44 months ago

So you don't think the below applies in this case?

https://yourlogicalfallacyis.com/slippery-slope

I guess we'll have to wait and see and hopefully Apple will be open with that they add to that hash list. If it can also be monitored by external initiatives such as Corellium I think that's good.
I think we have 20 years of increasing government intrusion to conclude that if A happens Z won't be far behind.

Liberty once lost is lost forever.
Score: 12 Votes (Like | Disagree)
bobcomer Avatar
bobcomer
44 months ago

Likely 18 U.S. Code § 2258 ('https://www.law.cornell.edu/uscode/text/18/2258') - Failure to report child abuse and related laws:
* 18 U.S. Code § 2258A ('https://www.law.cornell.edu/uscode/text/18/2258A') - Reporting requirements of providers
* 18 U.S. Code § 2258B ('https://www.law.cornell.edu/uscode/text/18/2258B') - Limited liability for providers or domain name registrars
* 18 U.S. Code § 2258C ('https://www.law.cornell.edu/uscode/text/18/2258C')
* 18 U.S. Code § 2258D ('https://www.law.cornell.edu/uscode/text/18/2258D') - Limited liability for NCMEC
* 18 U.S. Code § 2258E ('https://www.law.cornell.edu/uscode/text/18/2258E') - Definitions
None of those require on device scanning.
Score: 11 Votes (Like | Disagree)
Read All Comments