Jump to content
  • entries
    35,857
  • comments
    14
  • views
    405,045

An iPhone X Bug Lets Hackers Access Your Deleted Photos


ADMIN

158 views

Apple's iOS comes with a native Photo app that functions as a primary medium to browse all the pictures stored on your phone. The Photo app also has a "Recently Deleted" album that stores all your deleted pictures for a period of 30 days. After 30 days, the pictures are permanently deleted. This way, if you accidentally hit "Delete", a recovery option is easily available. 

Unfortunately, hackers have discovered an exploit with Safari on the iPhone X that allows them to steal the "Recently Deleted" pictures. At the Mobile Pwn2Own contest in Tokyo this week, white hat hackers Richard Zhu and Amat Cam discovered this bug and were awarded US$ 50,000 bounty. 

An iPhone X Bug Lets Hackers Access Your Deleted Photos© Zero Day Initiative / Team Fluoroacetate 

The two operated as team Fluoroacetate and connected a target iPhone X via a malicious Wi-Fi access point (a public network at a cafe or hotel). Then, an unpatched just-in-time (JIT) compiler bug was combined along with an Out-Of-Bounds Access to grab a file from the phone's storage. The JIT compiler helps iPhones run faster by processing code while a program is running, rather than in advance. 

Theoretically, any data processed through the JIT is vulnerable to attacks, and the Photos app was used as a proof of concept. This means that aside from photos, it is possible that other bits of data on an iPhone could be accessed and stolen as well.

An iPhone X Bug Lets Hackers Access Your Deleted Photos© Apple

As per the Pwn2Own's contest rules, Apple has been notified about the exploit and we presume the company shall be releasing a security patch soon. The contest is being held since 2007 and offers cash and prizes to security researchers to find and demonstrate zero-day vulnerabilities.  

We are yet to see the actual usage of this vulnerability in the wild, but as a preliminary caution, it's always recommended to never connect your phone to unknown WiFi networks. The bug is affecting iPhone X devices running iOS 12.1. With the iOS 12 update, Apple has been constantly trying to fix many of these performance as well as security issues that have been plaguing the OS for years. 

An iPhone X Bug Lets Hackers Access Your Deleted Photos© Reuters

The Fluoroacetate team also managed to sneak out information from Android devices like the Samsung Galaxy S9 and Xiaomi Mi 6. In total, the team cashed in a total of US$ 215,000 in prizes at the contest. 

Source: AppleInsider

Emraan Hashmi

0 Comments


Recommended Comments

There are no comments to display.

Join the conversation

You are posting as a guest. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Add a comment...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...