by throwayws 1773 days ago
Planting false evidence is getting a new twist here. The attacker doesn't even have to make a report! The victim's computer does it for him. Disk encryption malware may have a new successor. Effective and scalable extortion as a service.

This is a great point. You don't even need to unlock an iPhone to take a picture. So in theory anyone with access to your phone for a few seconds could incriminate you with little effort.
This is already possible today with things like iCloud Photos, Google Photos, OneDrive etc.
Today: "WTF is this?" delete

iOS 15: "WTF is this?" SWAT team crashes through window

This is not true. The check is only against known CSAM hashes.
Just photograph a known bad picture.
Then that's a different photo and will have a different hash.
These aren’t cryptographic hashes. They are perceptual hashes and a picture of a picture could absolutely end up with the same phash value.
Is there really no fuzziness to it? If not, can’t this be defeated by simply reencoding the image?
I think it has gotten more sophisticated to detect cropped images and small changes now: https://inhope.org/EN/articles/what-is-image-hashing
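
The distinction drawn in the comments above between cryptographic and perceptual hashes, as an added example that is not part of the thread. It uses a plain average hash (aHash) on constructed pixel grids; this is an assumption chosen for illustration and is not the algorithm used by Apple or by any scanning system, and `make_image` and `reencode` are hypothetical helpers.

```python
import hashlib

def make_image(x0, y0, size=64, side=32):
    """Constructed test image: bright textured square at (x0, y0) on a dark background."""
    return [[(200 if x0 <= x < x0 + side and y0 <= y < y0 + side else 40) + (3 * x + 5 * y) % 16
             for x in range(size)] for y in range(size)]

def reencode(img, gain=0.9, offset=4):
    """Stand-in for recompression: global brightness/contrast change plus small per-pixel noise."""
    return [[min(255, max(0, int(p * gain + offset + (7 * x + 13 * y) % 5 - 2)))
             for x, p in enumerate(row)] for y, row in enumerate(img)]

def sha256_of(img):
    """Cryptographic hash over the raw pixel bytes: any changed byte changes the digest."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, grid=8):
    """aHash: shrink to grid x grid block means, then one bit per cell (above the overall mean or not)."""
    step = len(img) // grid
    cells = [sum(img[y][x] for y in range(gy * step, (gy + 1) * step)
                 for x in range(gx * step, (gx + 1) * step)) / step ** 2
             for gy in range(grid) for gx in range(grid)]
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | int(c > mean)
    return bits

def hamming(a, b):
    """Number of differing bits; perceptual matching compares this distance to a threshold."""
    return bin(a ^ b).count("1")

if __name__ == "__main__":
    original = make_image(16, 16)
    copy = reencode(original)        # same picture, different bytes
    other = make_image(0, 32)        # visibly different picture
    print("sha256 equal after re-encode:", sha256_of(original) == sha256_of(copy))
    print("aHash distance, re-encoded  :", hamming(average_hash(original), average_hash(copy)))
    print("aHash distance, other image :", hamming(average_hash(original), average_hash(other)))
```
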

The example is somewhat contrived.

If a 'friend' takes your phone and has access to it, and then uses it to take images of CSAM similar enough to the original image that it triggers the hash match, and does this enough times to go over Apple's threshold to flag the account after these images are uploaded to iCloud, without the original phone owner noticing, then yes, it might cause a match.

At that point the match is probably a good thing (and not really a false positive anyway) - since it may lead back to the friend (that has the illegal material).

Are you sure the hash function literally called "NeuralMatch" running on the device with 2+ gen of AI capable chips won't have "collisions"?
Picture of a picture?