When you delete a photo on your iOS device, it stays in a "recently deleted" folder for a period of time before it is removed completely. This feature is designed to give users a grace period to recover accidentally deleted photos. However, a pair of hackers has managed to retrieve a deleted photo on Apple’s iPhone X, showcasing a significant security vulnerability.
Hackers Richard Zhu and Amat Cama were able to retrieve a deleted photo on an iPhone X running the latest version of Apple’s mobile OS, iOS 12.1. This hack was executed as part of the Mobile Pwn2Own contest, which took place in Tokyo. The pair managed to exploit a weakness in Apple’s Safari browser to achieve this feat.
Details of the Hack
The Mobile Pwn2Own contest is a prestigious event where security researchers and hackers demonstrate vulnerabilities in mobile devices and software. During this event, Zhu and Cama combined a bug in Just-In-Time (JIT) compilation with an Out-Of-Bounds Access vulnerability to exfiltrate data from the iPhone. In their demonstration, they successfully retrieved a previously deleted photo, earning themselves $50,000 and 8 Master of Pwn points.
Confirmed! The @fluoroacetate duo combined a bug in JIT with an Out-Of-Bounds Access to exfiltrate data from the iPhone. In the demo, they grabbed a previously deleted photo. In doing so, they earn themselves $50K and 8 Master of Pwn points. #P2OTokyo
— Zero Day Initiative (@thezdi) November 14, 2018
Implications and Future Updates
The ability to retrieve deleted photos from an iPhone raises significant privacy and security concerns. Users rely on the assumption that once a photo is deleted, it is gone for good after the grace period. This hack demonstrates that vulnerabilities in software can undermine this trust.
Apple has been informed about the exploit, and it is expected that the company will address this issue in a future software update. Apple has a strong track record of responding to security vulnerabilities promptly, often releasing patches and updates to protect users.
This incident also highlights the importance of events like Mobile Pwn2Own, which encourage researchers to find and report vulnerabilities in a controlled environment. By doing so, they help companies like Apple improve their security measures and protect users from potential threats.
In addition to fixing the specific vulnerabilities exploited by Zhu and Cama, Apple may also take this opportunity to review and strengthen the overall security of its iOS platform. This could include enhancing the security of the Safari browser, improving the handling of deleted data, and implementing additional safeguards to prevent similar exploits in the future.
As technology continues to evolve, so do the methods used by hackers to exploit vulnerabilities. It is crucial for companies to stay ahead of these threats by continuously improving their security measures and responding quickly to any discovered vulnerabilities. Users can also play a role in protecting their data by keeping their devices updated with the latest software and being mindful of potential security risks.
Source: Forbes