Apple’s NeuralHash Algorithm Has Been Reverse-Engineered
Apple’s NeuralHash algorithm—the one it’s using for client-side scanning on the iPhone—has been reverse-engineered.
Turns out it was already in iOS 14.3, and someone noticed:
Early tests show that it can tolerate image resizing and compression, but not cropping or rotations.
We also have the first collision: two images that hash to the same value.
The next step is to generate innocuous images that NeuralHash classifies as prohibited content.
This was a bad idea from the start, and Apple never seemed to consider the adversarial context of the system as a whole, and not just the cryptography.
jones • August 18, 2021 12:26 PM
Well, they probably thought it would be cool because it’s client-side scanning, and wouldn’t impact their privacy-oriented PR campaign.
https://www.youtube.com/watch?v=8w4qPUSG17Y