Apple’s New Update
Apple released new changes to the iPhone designed to prevent child sexual abuse by scanning photos uploaded to their iCloud storage service and a new feature for parents that flag nude photos sent or received through text message. Apple’s announcement is a big step for the cybersecurity world, as it sets a new precedent for the company that law enforcement or the government could potentially exploit. According to Matthew D. Green, a cryptography professor at Johns Hopkins University, Apple had previously “been selling privacy to the world and making people trust their devices. But now they’re basically capitulating to the worst possible demands of every government.” He additionally stated that Apple has little justification to say no to government requests for private information with this new announcement.
Apple’s scanning technology uses hashing, a process where images are translated into numbers that are used as a fingerprint for the image. Then, iOS will compare the hash of the image to a stored hash database of known child sexual abuse material – or CSAM for short – to check for a match. When a matching hash is found, the image is shown to an Apple employee for further verification, and then forwarded to the National Center for Missing & Exploited Children with the user’s iCloud account locked.
Apple’s other feature concerns photos sent through text messages. This feature is solely for family iCloud accounts. If a parent turns the feature on, the child’s iPhone will analyze every photo received or sent through text to determine if it includes nudity. Nude photos will be blurred and the child will need to choose if they wish to view it. If a child under 13 chooses to view or send a nude photo, their parents will be notified.
What does this mean for users?
For those exploiting children and/or have CSAM on their iCloud, this announcement means trouble. For everyone obeying the law, it means that Apple will have a look at the hashes of your photos, but not the images themselves, and that end-to-end security for iMessage is still maintained, due to the security measures being implemented on the phones, and not the server.