Apple scans iCloud photos to check for child abuse

mood · Jan 9, 2020

Apple scans iCloud photos to check for child abuse
January 8, 2020
https://www.telegraph.co.uk/technology/2020/01/08/apple-scans-icloud-photos-check-child-abuse/

Apple has started scanning photos uploaded from iPhones to check for child sexual abuse images, as tech companies come under pressure to do more to tackle the crime.

An Apple spokesman pointed to a disclaimer on the company’s website, saying: “Apple is dedicated to protecting children throughout our ecosystem wherever our products are used, and we continue to support innovation in this space. [...] As part of this commitment, Apple uses image matching technology to help find and report child exploitation”

The company did not elaborate on how it checks for child abuse images, but many tech companies use a system called PhotoDNA, in which images are checked against a database of previously identified images using a technology known as “hashing”. The technology is also used by Facebook, Twitter and Google.
Click to expand...

Apple made a change to its privacy policy last year that said it may scan images for child abuse material, although it is unclear when it made the change.
Click to expand...

https://nakedsecurity.sophos.com/2020/01/09/apples-scanning-icloud-photos-for-child-abuse-images/
But how does hashing work with encryption?
Henry Farid, one of the people who helped develop PhotoDNA, wrote an article for Wired that tackled the question of how hashing can work on content that’s been encrypted by Apple or Facebook.

Again, we don’t know if Apple’s using PhotoDNA, per se, or its own, homegrown hashing, but here’s his take on either one’s efficacy when used within end-to-end encryption:

"Recent advances in encryption and hashing mean that technologies like PhotoDNA can operate within a service with end-to-end encryption. Certain types of encryption algorithms, known as partially or fully homomorphic, can perform image hashing on encrypted data.
This means that images in encrypted messages can be checked against known harmful material without Facebook or anyone else being able to decrypt the image. This analysis provides no information about an image’s contents, preserving privacy, unless it is a known image of child sexual abuse."
Click to expand...

mirimir · Jan 9, 2020

Oh, I thought that stuff was securely end-to-end encrypted before being uploaded to iCloud.

But if Apple can detect even known images of child abuse in iCloud, that's obviously not the case.

Recent advances in encryption and hashing mean that technologies like PhotoDNA can operate within a service with end-to-end encryption. Certain types of encryption algorithms, known as partially or fully homomorphic, can perform image hashing on encrypted data.
Click to expand...

That's just a complicated way to admit that their end-to-end encryption isn't secure.

And it's not that I say that child abuse is OK.

It's just that with this vulnerability, you're stuck trusting Apple. Instead of trusting the encryption methodology.

mood · Feb 11, 2020

Search warrant shows how Apple tackles child abuse images on iCloud and email
February 11, 2020
https://9to5mac.com/2020/02/11/child-abuse-images/

A search warrant issued on behalf of Homeland Security Investigations provides a glimpse into how Apple detects and reports child abuse images uploaded to iCloud or sent via its email servers, while protecting the privacy of innocent customers.

The first stage of detection is automated, using a system common to most tech companies…
For each child abuse image already detected by authorities, a “hash” is created. This is effectively a digital signature for that image, and tech companies can have their systems automatically search for images that match this hash.
Forbes explains what usually happens when a match is detected. [...]

However, Apple appears to go a little further, manually checking the images to confirm that they are suspect before then providing law enforcement agencies with the name, address, and mobile phone number associated with the relevant Apple ID.
Click to expand...

Apple’s approach here seems ideal. It only examines images when they have been matched against the hash of a known image, so there should be a very low risk of Apple intercepting and viewing innocent images. Additionally, the company appears to make a manual check before reporting.
Click to expand...

mirimir · Feb 11, 2020

The only defect is the fact that Apple can examine anything that's supposedly encrypted.

It's a backdoor, and dishonestly concealed.

Nebulus · Feb 11, 2020

I could try to believe them when they claim they use homomorphic encryption, but that doesn't explain the possibility to inspect the images. So, yeah, that sounds like improperly implemented encryption.

mirimir · Feb 12, 2020

Well, I think that they're just encrypting stuff to both the user's key and theirs.

But even if they were using homomorphic encryption, that would be just as poor a choice, from the user's perspective.

deBoetie · Feb 12, 2020

It may be much worse than it initially sounds. You would, presumably, be able to recognise repeated hashes even if you weren't able to decrypt them. Then, using techniques as they did with the cracking of Enigma, where you might guess some repetitive plaintext, you might be able to recover at least a session key.

Point being, if you can get a known hash of the "text", you may well be able to guess and widen.

Rasheed187 · Feb 15, 2020

mirimir said: ↑

The only defect is the fact that Apple can examine anything that's supposedly encrypted. It's a backdoor, and dishonestly concealed.
Click to expand...

I haven't got any problems with this, if it can be used to stop crime.

Log in or Sign up

Apple scans iCloud photos to check for child abuse

mood Updates Team

mirimir Registered Member

mood Updates Team

mirimir Registered Member

Nebulus Registered Member

mirimir Registered Member

deBoetie Registered Member

Rasheed187 Registered Member

EU regulators to probe Amazon's Alexa, Apple's Siri and other voice assistants

Apple caters to China by pulling thousands of “unlicensed” iPhone games

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Video-sharing, photo editing, e-commerce: 52 Chinese apps that Indian intelligence wants banned

Log in or Sign up

Apple scans iCloud photos to check for child abuse

mood Updates Team

mirimir Registered Member

mood Updates Team

mirimir Registered Member

Nebulus Registered Member

mirimir Registered Member

deBoetie Registered Member

Rasheed187 Registered Member

EU regulators to probe Amazon's Alexa, Apple's Siri and other voice assistants

Apple caters to China by pulling thousands of “unlicensed” iPhone games

Identifying a Person Based on a Photo, LinkedIn and Etsy Profiles, and Other Internet Bread Crumbs

Video-sharing, photo editing, e-commerce: 52 Chinese apps that Indian intelligence wants banned

Useful Searches