Advertisement

iPhone X bug lets hackers snag deleted photos

Researchers discovered the exploit at a hacker event this week.

Whether it's because they're unflattering, inappropriate or just plain terrible, we've all deleted photos for one reason or another. But the drunken 3AM selfies that you thought you scrubbed from your phone might not be totally gone, and two researchers have found a vulnerability in iPhone X that could let hackers access supposedly-deleted photos and files.

Richard Zhu and Amat Cama discovered the issue at a contest for hackers to find iOS and Android bugs, and revealed it in a demo this week. They connected to the device (which was running iOS 12.1) through a malicious Wi-Fi access point and exploited a vulnerability in a just-in-time (JIT) compiler, which helps iPhones run faster by processing code while a program is running, rather than in advance.

They were then able to grab a photo from the Recently Deleted album in the Photos app (so the image wasn't truly deleted). The album retains photos you deleted for 30 days, just in case you excised them by accident or change your mind, before permanently scrubbing them. The exploit could be used to access other data that the JIT compiler processes. The photo was just the first file that Zhu and Cama found.

The pair earned a $50,000 bounty at Mobile Pwn2Own for discovering the problem (it's not the first time hackers at the event have grabbed data from an iPhone via a Safari bug). As per the rules of the contest, Apple has been informed of the bug, according to Forbes, but has yet to patch it.