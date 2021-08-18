



Researchers are causing conflicts with iOS’s built-in hash functions, raising new concerns about the integrity of Apple’s CSAM scanning system. This flaw affects a hash system called Neural Hash. This allows Apple to check for exact matches of known child abuse images without owning the images or collecting information about mismatched images.

On Tuesday, a GitHub user called Asuhariet Ygvar posted the code for the rebuilt Python version of Neural Hash. It claims to have been reverse engineered from previous versions of iOS. The GitHub post also includes instructions on how to extract NeuralMatch files from your current macOS or iOS build.

Early tests showed that resizing and compressing the image was acceptable, but not cropping or rotating, Ygvar wrote to Reddit and shared the new code. We hope this will help you better understand the Neural Hash algorithm and know its potential issues before it becomes available on all iOS devices.

Researchers caused a conflict: two images that generate the same hash

As soon as the code was released, more serious attacks were discovered. A user named Cory Cornelius caused a conflict in the algorithm. Two images that generate the same hash. If the findings are maintained, it will be a serious failure of the encryption that underlies Apple’s new system.

On August 5, Apple introduced a new system to stop images of child abuse on iOS devices. In the new system, iOS matches locally stored files with hashes of child abuse images, as generated and maintained by the National Center for Missing and Exploiting Children (NCMEC). The system includes a number of privacy protections that limit scanning to iCloud photos and set a threshold of up to 30 matches before alerts are generated. Still, privacy advocates are concerned about the implications of scanning local storage for illegal material. New discoveries raise concerns about how the system can be abused.

Conflicts are serious, but they require extraordinary effort to actually abuse them. In general, collision attacks allow researchers to find the same input that produces the same hash. On Apples systems, this means generating an image that raises a CSAM alert because it will generate the same hash as the image in the database, even if it is not a CSAM image. However, to actually generate that alert, you need to access the NCMEC hash database, generate over 30 collision images, and then smuggle all of them to the target phone. Still, you can easily identify an image as a false positive simply by generating an alert to Apple and NCMEC.

Still, it’s an embarrassing flaw that only raises criticism of the new reporting system. Proof-of-concept clashes are often disastrous for cryptographic hashes, as was the case with the 2017 SHA-1 clashes, but perceptual hashes like Neural Hash are known to be clash-prone. As a result, it’s unclear whether Apple will replace the algorithm as it discovers, or make further measured changes to mitigate potential attacks. Apple didn’t immediately respond to requests for comment.

In a broader sense, this discovery could increase the demand for Apple to abandon plans for scanning on devices. This continues to escalate in the weeks following its announcement. On Tuesday, the Electronic Frontier Foundation launched a petition to Apple to remove the system under the title “Tell Apple: Dont Scan Our Phones.” At the time of press, it has more than 1,700 signatures.

Update 10:53 AM ET: Changed headings and copies to more accurately reflect known weaknesses in common perceptual hashing systems.

