Warm Southern Breeze

"… there is no such thing as nothing."

Apple Computer To Make “Back Door” For iPhones

Posted by Warm Southern Breeze on Thursday, August 5, 2021

Apple Computer, Apple Juice: Which One’s Better?

So… I just read this story:

Apple unveils plans to scan US iPhones for images of child sex abuse
By Rebecca Klar – 08/05/21 05:22 PM EDT
https://thehill.com/policy/technology/566603-apple-unveils-plans-to-scan-us-iphones-for-images-of-child-sex-abuse

Sounds good, right?

At least, superficially, perhaps.

The second sentence reads in part, “but security researchers and advocates are warning the scanning update — along with one that aims to give parents protective tools in children’s messages — could pose data and security risks beyond the intended purpose.”

But, here’s the creepy part:
“Apple said its method to detect the abusive material is “designed with user privacy in mind.” Instead of scanning images in the cloud, the system performs “on-device matching” using a database of known child sexual abuse material image hashes provided by child safety organizations.”

Did you get that?

“A database of known child sexual abuse material image hashes provided by child safety organizations.”

Now, what follows is a rather simplified version, and quite frankly, it wouldn’t surprise me to know that Law Enforcement authorities are onto that game. But here’s something even more sophisticated: Image hashes.

Here’s a primer on the matter:
https://jenssegers.com/perceptual-image-hashes

It almost does the same thing, albeit with a slight twist – it’s not encrypted.

The technology is called PhotoDNA, was invented by Microsoft, and essentially, works from a known database of child pornographic images, and analyzes them (creates a “hash”) thereby creating a unique digital identifier for each and every image, that is resistant, or impervious to change, such as the elimination of color, or adjustments made using photo editing software/algorithms, including of size, and analyzes each cell/pixel’s intensity gradients, or edges.

But again, it’s based upon ONE premise: An unencrypted file.

Immediately after reading the headline, I saw the flaw.

That flaw is base upon the presumption that customers of Apple’s iCloud service are uploading UNENCRYPTED files.

HOWEVER… PhotoDNA is alleged to work with encryption.
See: https://5rightsfoundation.com/uploads/5rights-briefing-on-e2e-encryption–csam.pdf

In a very simple way, here’s what that “looks like.”

NOTE: For “security purposes,” WordPress dot com doe NOT “allow” uploading of encrypted files. Go figure. So, in lieu of that, I will simply share screenshots of the files.

First, take this innocuous image. It’s a picture of a real dog in the midst of cuddly, warm-n-fuzzy lookalike stuffed animal dogs.

Screenshot of an encrypted jpg file. Note that the file name shows it is an image file – a jpg – and encrypted, as gpg.

Using any readily-available encryption program, the image can be rendered all but practically unbreakable – by even the most powerful, and most sophisticated computers.

Once encrypted, then, it looks like this.

But, note this: The file name provides a clue to its file type; it contains the jpg tag, in addition to the gpg encryption file tag -and- a name which states “copy.”

The jpg file type tag is removed, only. The computer “sees” this as a TextEdit type document, not an image, or jpg, even though the preview shows it as an image.

Screenshot of image (jpg file) encrypted, with encryption & image tags removed. This file type “appears” to be a TextEdit file type, but, it is not.

But the original file, seen above – which is named “85532-w740.jpg” can have the name modified, which modification can be removing the file type tag – as seen here in this screenshot. (Again, uploading the file itself isn’t permissible in this instance, only the screenshot.)

With a bit of relatively simple steps, such as modifying/changing the file name and type tags, and then encrypting the resulting file, it is effectively rendered incapable of being read by a computer, or even a human… UNLESS they have: 1.) The encryption key, and; 2.) Know the file type tags to replace.

Screenshot of jpg image with jpg file type tag removed, and encrypted. Note the presence of the encryption file type tag gpg.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: