Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They gain that the image won't be detected by CSAM detecting systems on their devices.


Yes, it would, because they need to have the original CSAM image in order to forge the hash collision. This method doesn't work unless you have the original photo to look at, meaning that your device will be raising alerts just as much as the targets, except you will be the only one incriminated since the target doesn't actually have any CSAM, only the hash-collided fake that you've made.


You don't need to, you only need the hash itself to create a collision. Which means that you only need a malicious actor to steal and/or sell the hashes.


And how then are they going to make an image that is visually indistinguishable from the original?

Remember: the hash collision is only the first step in the process. You also need to convince the Apple reviewers that the image is pornographic, and convince the NCMEC reviewers that the image is in fact the same as the one that it met a hash match with (apparently by magic, since you're imagining that the original image that you have to make a visually-indistinguishable match to isn't available).

I ask again: how is this process any more potent than any regular old fashioned pornography framing?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: