
This is an exceptionally sensitive subject area, but as Jake Moore, a former police digital forensics expert, tells this week’s STC, “my worry is where does this stop.” Apple’s solution is automated, operating without any direct user intervention. A specific user action triggers the security compromise, which is no different to taking a screenshot. Reporting functions, such as WhatsApp’s, allow content to be flagged by a recipient, and then pull messages from within the secure platform to send to reviewers. Let’s be very clear, we need better measures on social media and communications platforms to protect children. But what happens when governments play the “local laws” game that has already compromised the App Store and iCloud for Chinese iPhone users? Initially, this AI engine is looking for narrow classifiers. Technically, end-to-end encryption has been maintained, but the concept of an end-to-end encrypted platform has been broken. As soon as the app includes some form of monitoring, however well-intentioned, everything changes. When you open an encrypted messenger (iMessage or WhatsApp or Signal), you need to feel secure, that you’re operating inside a protected enclave that includes the app, the transportation layer, and the receiving app on the other side. That’s why Pegasus doesn’t need to break end-to-end encryption to function. “Even a thoroughly documented, carefully thought-out, and narrowly-scoped backdoor,” EFF warns, “is still a backdoor.” If I can compromise one or both “ends,” I don’t need to compromise the transport layer between those ends.
That’s why phone backups to the cloud can compromise your security, as you will have seen with WhatsApp’s encrypted backup update, and that’s why attacks on secure messaging platforms focus on compromising an “end” and not the “end-to-end.”
If I have full access to your phone, I have access to its content. The messaging database on your phone is protected by device security: your passcode or biometric access. This is why Apple can say that end-to-end encryption remains intact. Critically, the two (or more) ends sit outside end-to-end encryption; the messages and any attachments need to be decrypted to enable you to read them. Even a well-intentioned effort to build such a system will break key promises of the messenger’s encryption itself and open the door to broader abuses.” End-to-end encryption secures the transportation of content from your device to somewhere else; in messaging, that is obviously someone else’s device. It fundamentally changes iMessage and there will be no going back. As EFF has warned, “it’s impossible to build a client-side scanning system that can only be used for sexually explicit images sent or received by children.

But the technical impediment to broader monitoring has been removed. Yes, this initial use case is very limited. But the critical issue is that iMessage is end-to-end encrypted, and the update is essentially Apple adding AI monitoring to the platform. With no external reporting in this iMessage update, it might seem little different to the photo categorization that already takes place on iPhones using on-device AI. Slightly watered-down, because the initial plan to notify the parents of under-13s who viewed flagged images has been removed. While there’s no sign yet of the CSAM scanning, the latest developer beta of OS 15.2 has just introduced a slightly watered-down version of the iMessage update. Critics were quick to point out that governments, foreign and domestic, would see this as an opportunity to search for more than CSAM. Client-side photo scanning opens a door to government interference in what’s being flagged and undermines the perceived security of “what happens on your iPhone stays on your iPhone.”
