(MENAFN- NewsBytes)
iPhone X bug lets hackers access 'deleted' photos: Details here
16 Nov 2018
Two ethical hackers have uncovered a major security issue on the iPhone X, a bug that lets hackers access 'recently deleted' photos from the device.
The hackers demoed the vulnerability and its exploit at the Mobile Pwn2Own contest in Tokyo and have been awarded $50,000 for the discovery.
Apple has been notified about the problem but has not taken any action, yet.
Here's more.
How iPhone X photos can be accessed?
Bug details
Richard Zhu and Amat Cama demonstrated how sophisticated hackers can remotely access photos deleted from an iPhone X.
They connected a demo unit (running iOS 12.1) to a malicious Wi-Fi access point and used the Safari browser to exploit a vulnerability in the phone's just-in-time (JIT) compiler.
The compiler processes computer code as the program runs, and compromising it gave access to deleted photos.
However, these were not truly deleted photos
Deleted photos
While the bug highlights a major security issue, it is worth noting that the photos it gives access to were not truly deleted, Forbes reported.
Put simply, they were recovered from the 'Recently Deleted' album or the place that acts as the 'Recycle Bin' of photos app.
All deleted photos go into this album, giving users an option to recover them if they need.
Permanently deletion after 30 days
Fact
Notably, the photos transferred to the 'Recently Deleted' album remain available for recovery for 30 odd days. After that, they are automatically deleted permanently.
Also, it doesn't just put photos at risk
More data risk
The photo recovered in the demo was the first file that the researchers found, but theoretically, this bug puts any data processed by the JIT compiler at risk.
As part of the rules, Apple has been informed of the bug, but as of now, the company has not taken an action to fix it.
Hopefully, the next iOS update will remove it.
MENAFN1611201801650000ID1097704626
Legal Disclaimer:
MENAFN provides the information “as is” without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the provider above.