Apple shares a security threat review for its new CSAM detection feature

By Oliver Haslam
published

How to remove location data from photos on your iPhone
How to remove location data from photos on your iPhone (Image credit: iMore)

What you need to know

  • Apple has released a new document further detailing the security implications of its CSAM detection plans.
  • Apple will publish details of the encrypted CSAM hash database that will be on all iPhones and iPads.
  • Security researchers will be able to inspect the database to confirm its validity

Apple today released a new document that it hopes will go some way to allaying fears surrounding the security of its new CSAM detection system. The document carries the lofty title of "Security Threat Model Review of Apple's Child Safety Features" and is available on Apple's website (opens in new tab).

In the document, Apple explains that it will publish a further Knowledge Base article that will contain the root hash of the encrypted CSAM hash database that will itself be included in all versions of iOS and iPadOS. The theory is that security researchers will be able to compare the database on their devices with the one on Apple's servers, ensuring that it hasn't been meddled with in any way. That's just one of the methods Apple will now employ to ensure the database of CSAM being checked is legitimate.

Apple will publish a Knowledge Base article containing a root hash of the encrypted CSAM hash database included with each version of every Apple operating system that supports the feature. Additionally, users will be able to inspect the root hash of the encrypted database present on their device, and compare it to the expected root hash in the Knowledge Base article. That the calculation of the root hash shown to the user in Settings is accurate is subject to code inspection by security researchers like all other iOS device-side security claims.

Apple also says that the approach will allow third-party technical audits of its system, including the encrypted CSAM database.

This approach enables third-party technical audits: an auditor can confirm that for any given root hash of the encrypted CSAM database in the Knowledge Base article or on a device, the database was generated only from an intersection of hashes from participating child safety organizations, with no additions, removals, or changes. Facilitating the audit does not require the child safety organization to provide any sensitive information like raw hashes or the source images used to generate the hashes – they must pro- vide only a non-sensitive attestation of the full database that they sent to Apple. Then, in a secure on-campus environment, Apple can provide technical proof to the auditor that the intersection and blinding were performed correctly. A participating child safety organization can decide to perform the audit as well.

In a media briefing, Apple further confirmed that the CSAM threshold at which photos will be flagged for manual review is 30. That means an iCloud account will need to have 30 pieces of CSAM content discovered before a manual review takes place. Apple says that the number was never intended to be kept private because security researchers would have been able to discover it regardless. It's also thought that while some may find the number 30 high, it's still very likely much lower than the number of images likely to be found in an offender's library.

The full document can be read on Apple's website and may go some way to making people more comfortable with the new CSAM detection system. Apple was also keen to point out that the current dialog surrounding the system is something that was built into the feature's timeline.

Oliver Haslam
Oliver Haslam
Contributor

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.

Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.

1 Comment
  • There is a big flaw with this still. Its great that people, and security researchers can make sure that Apples CSAM hash file will be able to be verified, but whats to stop other files that have nothing to do with CSAM data or hashes being loaded on Apples iPhones at a later date, and then scan for any other content that is not CSAM related? Nothing!