Want to vet Apple’s controversial plan to use iPhones to combat the proliferation of child porn?
Corellium is offering $5,000 grants for proposals meant to verify Apple’s security claims around the technology. Anyone can apply; experience in security research, although helpful, is not required.
Apple’s so-called CSAM (child sexual abuse material) detection system is designed to both help law enforcement catch sex predators and safeguard user privacy. However, security researchers remain wary that the same technology will be error-prone or abused for widescale surveillance. A big reason why is because Apple is tapping algorithms on the iPhone itself to detect and flag child porn images uploaded to iCloud, instead of relying on server-based scanning.
In response, Apple says independent security researchers will be able to verify that the CSAM detection system is working properly by examining the processes over the iOS software.
That could mean more business for Corellium, a developer of virtualization technology that can run multiple instances of Apple’s iOS on cloud-based servers. “We applaud Apple’s commitment to holding itself accountable by third-party researchers,” the company wrote in a blog post. “We believe our platform is uniquely capable of supporting researchers in that effort.”
However, Corellium’s effort to vet the CSAM detection system is also ironic; for the past two years, it’s been locked in a court battle with Apple over its virtualization technology.
According to Corellium, the virtualization is a valuable tool to conduct security research into Apple’s mobile operating system. But in 2019, Cupertino filed a lawsuit, claiming Corellium was infringing on its products. It was only last week that the two companies settled the lawsuit. Terms of the deal remain confidential, but Corellium can continue to sell its virtualization technology, according to The Washington Post.
By offering the $5,000 grants, Corellium is aiming to hold Apple accountable for its privacy promises concerning the CSAM detection system. “Errors in any component of this overall design could be used to subvert the system as a whole, and consequently violate iPhone users’ privacy and security expectations,” the company wrote in its blog post.
Corellium plans on awarding up to three $5,000 grants. The company is accepting submissions until Oct. 15 at 5 p.m. EST. It then plans on responding to all proposals by Oct. 31. “Over time, we will evaluate adding more topics and more opportunities for awards,” the company added.
