The concerns about the integrity of Apple’s CSAM spotting NeuralHash system grew another notch on Wednesday after researchers found serious issues with the system that, according to Apple representatives, will be able to identify images of child abuse without breaching the privacy of the users.
Ever since the announcement of its new security system to identify child abuse that is going to be integrated into the devices set to launch later this year, Apple Inc. (AAPL) has been facing significant backlash concerning user privacy.
According to The Verge, a GitHub user, Asuhariet Ygvar, proved that the algorithm cannot identify cropped or rotated images. The user reconstructed a Python version of the program that, according to Ygvar, is reverse-engineered from iOS 14.3.
“Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. Hope this will help us understand the NeuralHash algorithm better and know its potential issues before it’s enabled on all iOS devices,” said Ygvar.
Another researcher named Cory Cornelius found a more serious flaw in the system where the person produced a loophole in the system where it generated the same hash in two different images. While it is understood that such cases will be too rare to occur in a real-life scenario and the fact that thirty such “collisions” will only trigger one alarm to the Apple or National Center for Missing and Exploited Children (NCMEC) reviewers who can wave off such red flags, the fact that it can happen itself is making the case of the doubters stronger.
Apple has been on the receiving end of a lot of criticism for their CSAM algorithm and it was not helped by the fact that the company itself was suing a company that allows researchers to investigate the software to filter the possible glitches.
Since 2019, Apple has been fighting a legal battle with Corellium, a company that matches the description above, alleging the latter of making it easier for hackers to get hold of Apple’s technology, therefore, breaching the giant’s privacy. Apple filed another follow-up lawsuit after Corellium announced a $15,000 grant for researchers to investigate the new iOS.
On August 13, in an interview with WSJ, Apple VP Craig Federighi had said, “Security researchers are constantly able to introspect what’s happening in Apple’s [phone] software. So if any changes were made that were to expand the scope of this in some way—in a way that we had committed to not doing—there’s verifiability, they can spot that that’s happening.”
After the comments, Corellium CEO said MIT Technology Review, “iOS is designed in a way that’s actually very difficult for people to do an inspection of system services.”
Apple’s scrutiny has not been limited to the tech community as well. German politician Manuel Hoferlin has also voiced his concern over the level of privacy breach that the devices are enabled to do. Published in a report by iFun, the politician said, “Every scanned content destroys a piece of trust that users place in the fact that the content of their communication is not monitored unnoticed. The Internet without trusting communication is no longer a civilizational advance, but the greatest surveillance tool in history.”
It is yet to be seen if the tech giants keep the system amidst such outrage or ultimately give in to the pressure.
Source: Read Full Article