Hackers have discovered a way to break into your iPhone and take away your deleted photos. Thankfully, the two people who discovered this vulnerability aren’t the bad kind of attackers out to steal your data. They were actually competing for a $50000 prize as part of a Mobile Pwn2Own contest taking place in Tokyo, winning the top draw thanks to an innovative hack.
Richard Zhu and Amat Cama, together known as Fluoroacetate, were challenged to find a way to attack an iPhone X running iOS 12.1, the latest version of the software. They decided to exploit a flaw in the default Safari browser. Specifically, in the just-in-time (JIT) compiler.
How Hackers Broke Into An iPhone X
JIT compilers are basically programs which turn Java bytecode into instructions which are sent directly to the processor. It makes iPhones run faster since it helps convert computer code in real time while an app is running. Forbes reports that the hackers attacked the JIT compiler over a malicious Wi-Fi access point.
As pointed out by a spokesperson for the contest, this is a coffee shop scenario, so everyone is exposed. Cama and Zhu retrieved a deleted photo from the iPhone X using the flaw. They could have actually grabbed more, but they decided to use it for the demonstration since it was the first file they found on the disk.
Apple doesn’t immediately eliminate a photo when you press delete. Instead, it shifts the image to a Recently Deleted album. You can either un-delete the image or permanently remove it yourself. If you don’t do anything, iOS gets rid of it after 30 days.
There’s no chance of permanently erased snaps being stolen since Apple destroys them completely. It’s just the recently deleted ones which are vulnerable, plus whatever else hackers can find. The company has been informed of this problem, as per the rules of the contest, but hasn’t officially commented on it yet.
Apple will probably roll out a software update to address the issue in the near future. Until then, keep your photos safe.