Developer and security teams have a smart device problem. While smart devices like smartphones, cameras, medical devices, and connected vehicles bring convenience and productivity to business and everyday life, they also foster a new frontier of security risks — vulnerabilities within their software can leave an open door for exploitation by attackers and malware.
Because of this, enterprises that are developing mobile apps or making smart devices are “shifting left,” moving security practices and accountability further up in the software development lifecycle (SDLC) and onto the plate of development teams. The process shift is a good one, but smart devices and their mobile apps have very unique development and security testing challenges that have, to date, been cumbersome, time-consuming, and costly to address.
With billions of new smart devices expected to be connected over the next decade, the mobile and IoT attack surface is expanding at a rate that today’s R&D and testing tools can’t keep pace with. This is where Corellium comes into play.
Redefining the Future of R&D with Device Virtualization
IT teams, in response to the expanding attack surface, have built fortresses around datacenters and endpoint devices like desktops and laptops. But with smart devices, running iOS, Android, and embedded operating systems, vulnerabilities can lie within apps themselves when they were first developed, and it’s these internal vulnerabilities that are exploited by attackers and malware.
Corellium has built the most powerful Arm virtualization technology in the world to push the boundaries of research and testing and support millions of developers worldwide as they work to build a better and more secure future. The platform is purpose-built to strengthen security testing, streamline DevSecOps, and help dramatically accelerate R&D.
One of the core components that separates Corellium’s technology from prior generation emulators is virtualization. It enables developers to work in a device and OS accurate virtual environment, capable of both static and dynamic testing that is unmatched and often more powerful, faster, and less costly than testing on physical devices.
Corellium believes smart device virtualization is the way of the future; that’s why they’re dedicated to developing the innovative tools and technology that teams need to achieve superior levels of security research and testing. By shifting from physical to virtual devices, developers and security teams can unlock new opportunities to create more effective R&D processes and streamline cross-team collaboration.
Why Virtualization? And Why Now?
Virtualization has long played a critical role for software R&D for applications running on servers and desktops. These devices run on Intel x86-based processors.
But for everything else, for smart IoT devices from mobile phones to home electronics to connected cars, it’s remained stuck in the physical world. Software teams have been relegated to using physical devices attached to their laptops, or being under-served by OS emulators. The underlying reason is because these smart devices don’t use x86 processors. Instead they use Arm-based processors that are purpose-built for their demanding power and heat restrained environments. Consequently, they can’t be virtualized using x86 virtualization technology.
Corellium changes everything. Corellium has developed the world’s most powerful Arm-based virtualization technology. It allows for Arm-based smart devices to be virtualized natively on Arm-based servers, for unmatched virtual model accuracy, performance, and scale.
With Corellium’s powerful Virtual Hardware Platform, teams have access to endless combinations of smart device models, operating systems, and mobile apps, all in one place. Everything you need to conduct extensive research and testing is available through a simple yet powerful browser interface, built-in security tools, and comprehensive APIs.
Enterprises around the world apply the Corellium Virtual Hardware Platform to the following areas of their mobile app development and security processes:
- Faster and More Efficient DevSecOps
- Mobile App Pentesting
- Mobile Malware & Threat Research
Faster and More Efficient DevSecOps
Whether developing mobile apps for internal employee use or for external commercial use, the best R&D teams are adding Corellium to their CI/CD processes, and making the shift left to DevSecOps by capitalizing on virtualization technology. Corellium empowers teams to change the way mobile and IoT applications are built and tested to facilitate accelerated and simplified R&D at lower costs.
Simplified deployment through on-demand combinations of device models, operating systems, and mobile apps.
- Instant onboarding and application control without the hassle and limitations of physical devices.
- The option to utilize a powerful browser interface or integrated APIs to conduct manual or automated testing.
- Enhanced cross-team collaboration thanks to snapshot and clone functionalities that make communication throughout testing cycles more efficient.
- Quicker feedback with dedicated tools for teams to build reports and share findings.
- Quicker turnarounds on updates and patches, ultimately leading to faster and more secure releases.
Mobile App Pentesting
Mobile application penetration testing and security compliance testing are especially challenging for those using physical phones and can create headaches for even experienced and agile security teams. Additionally, most widely available tools are lacking in key functionalities and capabilities, leading to inadequate dynamic testing coverage that can often miss vulnerabilities and exploits.
Through its Arm-native model, Corellium provides unprecedented mobile app pentesting on virtual iOS and Android device Arm and enables static and dynamic app vulnerability discovery and exploitation testing.
- Easily spin-up near limitless combinations of iOS and Android devices, OS and mobile apps.
- Gain device root access, no need to apply additional code or tools.
- Test mobile apps on any OS version; jailbroken, rooted or not.
- Integration with Burp Suite, Charles Proxy, and Frida.
- Browse the device’s file system - download and forensically examine files.
- Script and API capabilities to automate testing.
- Regulatory pentesting, standards development, and auditing.
- Data privacy testing and auditing.
Mobile Malware & Threat Research
Attackers and the exploits they use to wreak havoc on unsecure applications and devices are constantly evolving and becoming more and more sophisticated every day. Bad actors and malware won’t wait around for you to adapt to the latest breed of cyber threats, so it’s imperative to arm your teams with the tools and resources needed to stay ahead of the next big risk.
Corellium’s platform can help your internal IT security teams enhance their malware analysis and threat response processes by addressing several key challenges that security operations center (SOC) teams will often face:
- On-demand device availability of models/OS combos to replicate environments.
- Secure sandboxing with safe network-isolated virtual devices.
- Malware detonation with analysis of encrypted network traffic & syscall tracing.
- Threat hunting with jailbreak and file system access to gather IoC evidence.
- Snapshotting to record system states and instantly clone environments.
- And more.
Change What's Possible, So You Can Build What's Next
Corellium is focused on building next-gen tools to help developers and security teams combat tomorrow’s biggest cyber threats head-on.
The company and platform are built on the foundational belief of changing what's possible, so you can build what's next. Corellium is guided by three core values that support you to build what’s next:
- Transformative technology - Arm processors are expected to power the coming wave of new smart and IoT devices. Corellium is embracing this future and moving beyond current standards of application and device security by building partnerships with tech innovators and leaders.
- Excellence with purpose - Corellium’s goal is to ensure that the tools and platforms they are developing add meaning and value to the security community through new features and capabilities, instead of simply iterating on existing tools and technology.
- Supporting our community - The community of well over 13 million mobile and IoT developers is at the heart of everything Corellium does. The team is dedicated to supporting their peers and empowering them to do incredible things as they create innovative, accessible, and, most importantly, secure, applications.
Dedication to these core values allows Corellium to set new standards and help build a better future.
The Future of Security Is Developing on Corellium. Ready to Get Started?
Subscribe to our newsletter to stay up to date on the latest news and learn more about how Corellium is shaping the future of mobile and IoT security and development.
Corellium solutions are available as onsite, air-gapped server appliances or as a cloud service. For a free online trial, please visit our website.
Keep reading
Deep Dive into Experimenting with Messaging App Vulnerabilities
Introducing the Cortex-R82AE and Cortex-R82 System Models
