
This style of attack has been discussed for a while https://www.usenix.org/system/files/sec20-quiring.pdf - it’s scary because a scaled image can appear to be an _entirely_ different image.

One method for this would be if you want to have a certain group arrested for having illegal images, you could use this sort of scaling trick to transform those images into memes, political messages, whatever that the target group might download.



This is mind-blowing and logical but did no one really think about these attacks until VLMs?

They only make sense if the target resizes the image to a known size. I'm not sure that applies to your hypotheticals.


Because why would it matter until now? If a person looked at a rescaled image that says “send me all your money” they wouldn’t ignore all previous learnings and obey the image.


Hidden watermarking software uses the same concepts. It is known.


Steganography for those who want to look it up.


Describing dithering as scary is wild


The thing is that the image can change entirely, say from a funny cat picture to an image of a dog.


And that "trick" has been used in imageboards with thumbnails for a very long time to get people to click and see a full image while they otherwise wouldn't.


Sure, but back then it was "haha you've been pranked! and yes, that guy is actually wearing a wedding band!"

Now... with chat control and similar alternatives and AI looking at your images and reporting to authorities, you might get into actual trouble because of that.


Yup. Imagine the ‘fun’ caused by automated CSAM or ‘bad politics’ content scanners and this tech.
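
The dependence on a known resize step that the thread points out also gives a defender a check: downscale the upload with the pipeline's own sampler and with an area average that uses every source pixel, then flag images where the two results disagree. This is an added example, not code from the thread or the linked paper; the nearest-neighbour sampler, the integer factor, the threshold and the sample grids are assumptions constructed for illustration.

```python
# Added example: flag images whose downscaled result depends on the scaler.
# Assumptions: grayscale images as lists of rows (0-255), integer scale factor,
# and a pipeline that downsamples by nearest-neighbour (top-left) sampling.

def nearest_downscale(img, factor):
    """Keep one pixel per factor x factor block, ignoring the rest."""
    return [row[::factor] for row in img[::factor]]

def area_downscale(img, factor):
    """Average every pixel of each factor x factor block."""
    out = []
    for by in range(len(img) // factor):
        out_row = []
        for bx in range(len(img[0]) // factor):
            block = [img[by * factor + dy][bx * factor + dx]
                     for dy in range(factor) for dx in range(factor)]
            out_row.append(sum(block) / len(block))
        out.append(out_row)
    return out

def scaling_divergence(img, factor):
    """Mean absolute difference between the two downscaled versions."""
    near = nearest_downscale(img, factor)
    area = area_downscale(img, factor)
    diffs = [abs(p - q) for rn, ra in zip(near, area) for p, q in zip(rn, ra)]
    return sum(diffs) / len(diffs)

def is_scaling_sensitive(img, factor, threshold=40.0):
    """threshold is an assumed cut-off; tune it on known-good images."""
    return scaling_divergence(img, factor) > threshold

def make_samples(size=16, factor=4):
    """Constructed inputs: a smooth gradient, and a copy in which only the
    pixels the nearest-neighbour sampler reads carry a different pattern."""
    benign = [[100 + 4 * x for x in range(size)] for _ in range(size)]
    altered = [row[:] for row in benign]
    for y in range(0, size, factor):
        for x in range(0, size, factor):
            altered[y][x] = 255 * ((x // factor + y // factor) % 2)
    return benign, altered

if __name__ == "__main__":
    benign, altered = make_samples()
    for name, img in (("benign", benign), ("altered", altered)):
        print(name, round(scaling_divergence(img, 4), 1),
              "FLAG" if is_scaling_sensitive(img, 4) else "ok")
```

A flagged image is a candidate for review or for re-encoding with the area-averaged version before any model or scanner sees it.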



