Security News > 2021 > August > Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills

Last week, Apple essentially invited security researchers to probe its forthcoming technology that's supposed to help thwart the spread of known child sexual abuse material.

Crucially, Apple repeatedly stated that its claims about its CSAM-scanning software are "Subject to code inspection by security researchers like all other iOS device-side security claims." And its senior veep of software engineering Craig Federighi went on the record to say "Security researchers are constantly able to introspect what's happening in Apple's [phone] software."

Now, Florida-based infosec outfit Corellium is taking Apple up on that assertion.

Yes, that's the same Corellium Apple tried to drag through the courts, alleging "Unlawful commercialization of Apple's valuable copyrighted works," until it gave up that fight last week.

Specifically, the initiative is open to proposals for "Research projects designed to validate any security and privacy claims for any mobile software vendor, whether in the operating system or third-party applications," though it's clear it has Apple in mind.

"We applaud Apple's commitment to holding itself accountable by third-party researchers," said Corellium, which provides among other things virtualized iOS devices for infosec types to probe, adding: "We believe our platform is uniquely capable of supporting researchers in that effort."

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/17/corellium_apple_bounty/