Apple’s iPhone Photo Scanner is Already Being Hacked The iPhone photo scanner has been a popular feature on Apple products for years, but it seems that hackers are already finding ways to hack into the device. According to a report from Forbes, hackers have found a way to exploit the iPhone photo scanner and steal images and data from photos that are scanned in. The hack reportedly works by tricking the device into thinking that a document is a photo, which then allows the hacker access to the image data. This vulnerability could potentially be exploited by criminals who want to steal personal photos or information from scanned documents. Apple has yet to release a statement about this issue, but it’s likely that they’re working on a fix. ..


There’s been a lot of talk regarding Apple’s CSAM (Child Sexual Abuse Material) scanner. Now, the scanner is back in the news again, as it appears that hackers could be one step closer to tricking the CSAM scanner and creating false positives.

The Issue With Apple’s CSAM Scanner

A Reddit user did some reverse engineering to understand Apple’s NeuralHash algorithm for on-device CSAM detection. In doing so, they discovered a possible collision in the hash that could create false positives. A collision is a potential clash that occurs when two pieces of data have the same hash value, checksum, fingerprint, or cryptographic digest.

A coder named Cory Cornelius produced a collision in the algorithm, which means they found two images that create the same hash. This could be used to create false positives, which would flag images to Apple as containing child abuse even if they’re entirely innocuous.

While it certainly wouldn’t be easy, there’s the possibility that a hacker could generate an image that sets off the CSAM alerts even though it is not a CSAM image.

— Matthew Green (@matthew_d_green) August 18, 2021

Apple does have layers designed to make sure the false positive doesn’t cause an issue. For example, when an image is flagged, it must be reviewed by an actual person before it is sent to law enforcement. Before it even gets to that point, the hacker would need to gain access to the NCMEC hash database, create 30 colliding images, and then get all of them onto the target’s phone.

That said, it’s just another issue that comes up with Apple’s CSAM scanner. There’s been tremendous opposition already, and the fact that coders were able to reverse engineer it already is very concerning. Instead of a collision taking months to pop up, one was discovered within hours of the code going public. That’s concerning.

Will Apple Do Anything?

Only time will tell how Apple addresses this situation. The company might backtrack on its plan to use the NeuralHash algorithm. At the very least, the company needs to address the situation, as confidence in Apple’s photo-scanning plan is already low.