{"id":327300,"date":"2021-08-18T20:24:41","date_gmt":"2021-08-18T17:24:41","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/hackers-are-already-tricking-apples-iphone-photo-scanner\/"},"modified":"2021-08-18T20:24:41","modified_gmt":"2021-08-18T17:24:41","slug":"hackers-are-already-tricking-apples-iphone-photo-scanner","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hackers-are-already-tricking-apples-iphone-photo-scanner\/","title":{"rendered":"#Hackers Are Already Tricking Apple\u2019s iPhone Photo Scanner"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a37bf1f575f1\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a37bf1f575f1\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/hackers-are-already-tricking-apples-iphone-photo-scanner\/#The_Issue_With_Apples_CSAM_Scanner\" >The Issue With Apple\u2019s\u00a0CSAM Scanner<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/hackers-are-already-tricking-apples-iphone-photo-scanner\/#Will_Apple_Do_Anything\" >Will Apple Do Anything?<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#Hackers Are Already Tricking <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">App<\/a>le\u2019s iPhone Photo Scanner&#8221;<\/strong><\/p>\n<div>\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-742083\" srcset=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/07\/apple_blast_bluelines_hero_1.jpg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/07\/apple_blast_bluelines_hero_1.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/07\/apple_blast_bluelines_hero_1.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"The Apple logo on a blue background with horizontal lines\" width=\"1200\" height=\"675\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>There\u2019s been a lot of talk regarding Apple\u2019s\u00a0CSAM (Child Sexual Abuse Material) scanner. Now, the scanner is back in the <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">news<\/a> again, as it appears that hackers could be one step closer to tricking the CSAM scanner and creating false positives.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"The_Issue_With_Apples_CSAM_Scanner\"><\/span>The Issue With Apple\u2019s\u00a0CSAM Scanner<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.reddit.com\/r\/MachineLearning\/comments\/p6hsoh\/p_appleneuralhash2onnx_reverseengineered_apple\/\">Reddit user<\/a> did some reverse engineering to understand Apple\u2019s\u00a0NeuralHash algorithm for on-device CSAM detection. In doing so, they discovered a possible collision in the hash that could create false positives. A <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Hash_collision\">collision<\/a> is a potential\u00a0clash\u00a0that occurs when two pieces of data have the same hash value, checksum, fingerprint, or cryptographic digest.<\/p>\n<p>A coder named\u00a0Cory Cornelius\u00a0produced a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/github.com\/AsuharietYgvar\/AppleNeuralHash2ONNX\/issues\/1\">collision in the algorithm<\/a>, which means they found two images that create the same hash. This could be used to create false positives, which would flag images to Apple as containing child abuse even if they\u2019re entirely innocuous.<\/p>\n<p>While it certainly wouldn\u2019t be easy, there\u2019s the possibility that a hacker could\u00a0generate an image that sets off the CSAM alerts even though it is not a CSAM image.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">But there\u2019s a difference between saying \u201cyeah that\u2019s almost certain to happen, in theory\u201d and seeing it happen in real life. Apple went out of their way to keep the hash function secret \u2014 because they knew the risks.<\/p>\n<p>\u2014 Matthew Green (@matthew_d_green) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/matthew_d_green\/status\/1428008377871998984?ref_src=twsrc%5Etfw\">August 18, 2021<\/a><\/p>\n<\/blockquote>\n<p>Apple does have layers designed to make sure the false positive doesn\u2019t cause an issue. For example, when an image is flagged, it must be reviewed by an actual person before it is sent to law enforcement. Before it even gets to that point, the hacker would need to gain access to the\u00a0NCMEC hash database, create 30 colliding images, and then get\u00a0all of them onto the target\u2019s phone.<\/p>\n<p>That said, it\u2019s just another issue that comes up with Apple\u2019s CSAM scanner. There\u2019s been tremendous opposition already, and the fact that coders were able to reverse engineer it already is very concerning. Instead of a collision taking months to pop up, one was discovered within hours of the code going public. That\u2019s concerning.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"Will_Apple_Do_Anything\"><\/span>Will Apple Do Anything?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Only time will tell how Apple addresses this situation. The company might backtrack on its plan to use the\u00a0NeuralHash algorithm. At the very least, the company needs to address the situation, as confidence in Apple\u2019s photo-scanning plan is already low.<\/p>\n<\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><script>\n setTimeout(function(){\n  !function(f,b,e,v,n,t,s)\n  {if(f.fbq)return;n=f.fbq=function(){n.callMethod?\n  n.callMethod.apply(n,arguments):n.queue.push(arguments)};\n  if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';\n  n.queue=[];t=b.createElement(e);t.async=!0;\n  t.src=v;s=b.getElementsByTagName(e)[0];\n  s.parentNode.insertBefore(t,s) } (window, document,'script',\n  'https:\/\/connect.facebook.net\/en_US\/fbevents.js');\n   fbq('init', '335401813750447');\n   fbq('track', 'PageView');\n  },3000);\n<\/script><\/p>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/749298\/hackers-are-already-tricking-apples-iphone-photo-scanner\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Hackers Are Already Tricking Apple\u2019s iPhone Photo Scanner&#8221; There\u2019s been a lot of talk regarding Apple\u2019s\u00a0CSAM (Child Sexual Abuse Material) scanner. Now, the scanner is back in the news again, as it appears that hackers could be one step closer to tricking the CSAM scanner and creating false positives. The Issue With Apple\u2019s\u00a0CSAM Scanner A&#8230;<\/p>\n","protected":false},"author":1,"featured_media":327301,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/07\/apple_blast_bluelines_hero_1.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-327300","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/327300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=327300"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/327300\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/327301"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=327300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=327300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=327300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}