iPhone X bug lets hackers access 'deleted' photos: Details here
What's the story
Two ethical hackers have uncovered a major security issue on the iPhone X, a bug that lets hackers access 'recently deleted' photos from the device.
The hackers demoed the vulnerability and its exploit at the Mobile Pwn2Own contest in Tokyo and have been awarded $50,000 for the discovery.
Apple has been notified about the problem but has not taken any action, yet.
Here's more.
Bug details
How iPhone X photos can be accessed?
Richard Zhu and Amat Cama demonstrated how sophisticated hackers can remotely access photos deleted from an iPhone X.
They connected a demo unit (running iOS 12.1) to a malicious Wi-Fi access point and used the Safari browser to exploit a vulnerability in the phone's just-in-time (JIT) compiler.
The compiler processes computer code as the program runs, and compromising it gave access to deleted photos.
Deleted photos
However, these were not truly deleted photos
While the bug highlights a major security issue, it is worth noting that the photos it gives access to were not truly deleted, Forbes reported.
Put simply, they were recovered from the 'Recently Deleted' album or the place that acts as the 'Recycle Bin' of photos app.
All deleted photos go into this album, giving users an option to recover them if they need.
Do you know?
Permanently deletion after 30 days
Notably, the photos transferred to the 'Recently Deleted' album remain available for recovery for 30 odd days. After that, they are automatically deleted permanently.
More data risk
Also, it doesn't just put photos at risk
The photo recovered in the demo was the first file that the researchers found, but theoretically, this bug puts any data processed by the JIT compiler at risk.
As part of the rules, Apple has been informed of the bug, but as of now, the company has not taken an action to fix it.
Hopefully, the next iOS update will remove it.