Skip to main content

Research reveals image-based sexual abuse removal tools are vulnerable to Generative AI attacks

Research reveals image-based sexual abuse removal tools are vulnerable to Generative AI attacks

  • Date03 December 2024

New research led by Royal Holloway academics has revealed privacy vulnerabilities in “perceptual hashing,” a technology widely used to combat the spread of non-consensual intimate images.

Ibsahero

A team of researchers from the Department of Information Security at Royal Holloway, University of London have highlighted major privacy risks in technologies designed to help people permanently remove image-based sexual abuse (IBSA) material – such as non-consensual intimate images – from the Internet.

These findings, published in IEEE Security & Privacy Magazine, reveal how the techniques currently used to identify and remove abusive content can be attacked with generative AI, potentially putting vulnerable users at risk.

The research team focused on ‘perceptual hashing’: a method that creates “digital fingerprints” of images to detect harmful content without storing and distributing the original files. Most online platforms (particularly social media sites) keep a list of hashes of known abusive images, enabling the detection and prevention of re-uploaded copies.

Additionally, tools such as “Take It Down” operated by the National Center for Missing and Exploited Children (NCMEC) enable users to self-report IBSA in one place. For this, users can upload perceptual hashes of images, which are then shared with partner platforms such as Facebook and OnlyFans.

However, the recently published paper demonstrates that perceptual hashes are not as irreversible as expected, undermining the privacy assurances claimed by IBSA removal tools on their FAQ pages.

Led by Sophie Hawkes, PhD researcher from the Department of Information Security, the research team examined four widely-used perceptual hash functions, including Facebook’s PDQ Hash (used by “Take It Down”) and Apple’s NeuralHash, and found that all of them are vulnerable to reversal attacks.

More specifically, it became clear that adversarial use of generative AI could approximately reconstruct the original image material. Sophie highlights: “Our findings challenge the assumption that perceptual hashes alone are enough to ensure image privacy, but rather perceptual hashes should be treated as securely as the original images.”

This is particularly concerning given the sensitive nature of IBSA content and the vulnerable user groups these tools aim to protect. Co-authors Dr Maryam Mehrnezhad (Royal Holloway) and Dr Teresa Almeida (University of Lisbon) highlight that: “The harms of modern technologies can unfold in complex ways. While IBSA risks are not limited to any demographics, certain groups such as children can be at a greater risk including psychological damage and danger to their safety. Hence, designing secure and safe tools is essential when addressing these risks.” 

The researchers argue that the current design of services like “Take It Down” is insufficient and emphasise the need for stronger data protection measures, for example using cryptographic protocols like private set intersection (PSI). By using PSI, it would be possible to enable secure hash matching without exposing sensitive data. This would ensure a more privacy-focused solution for removing harmful content, protecting vulnerable users.

However, presently, the researchers advise users to carefully consider the risks of perceptual hashing and to make an informed decision when submitting a report. In particular, users should take into account both the risk of images being posted online and the risk of the images being reconstructed from reporting hash values.

While there might be no significant loss in privacy when reporting hashes of images that are already shared online, proactive reporting of images might be a concern.

Following responsible disclosure procedures, the researchers have alerted NCMEC to their findings, urging service providers to prioritise the implementation of more secure solutions to ensure user privacy.

Additionally, the researchers advocate for greater transparency, so that users can make an informed decision about the trade-off between their privacy and safety when deciding whether or not to use perceptual hash-based IBSA reporting tools.

Co-author Dr Christian Weinert, from the Department of Information Security concludes: "Future work in this space will require collaborative efforts involving technology designers, policymakers, law enforcement, educators, and, most importantly, victims and survivors of IBSA to create better solutions for all."

Related topics

Information Security

More news

Browse all news

Calls for urgent action to policy makers as research reveals real extent of human trafficking

04 Dec 2024

New research has revealed a more accurate estimate of those trafficked across the world, from 49.6million to 65.3million, with urgent action needed to prevent this criminal exploitation and coercion.

Academic wins ‘Oscar of higher education’ for Outstanding Research Supervisor of the Year

29 Nov 2024

Professor Felix Driver, from the Department of Geography, has won a Times Higher Education Award (THE) in the category of Outstanding Research Supervisor of the Year.

Unique virtual production and sound studio opens to support creative technology businesses

22 Nov 2024

A new virtual production facility, Futures Studio, has opened offering creative technology businesses a space to innovate, showcase their work and collaborate with industry experts.

New funding boost for future bioscience and environmental science PhDs

19 Nov 2024

Royal Holloway has been given an amazing boost for bioscience and environmental science PhD students through Doctoral Landscape Awards (DLA).

Explore Royal Holloway