Hackers Find a Way To Recover Your Deleted iPhone Photos
- Pwn2Own is a popular hacking event that brings together some of the most talented hackers in the world.
- The winners of this year’s event have discovered a method to restore deleted iPhone images.
- The exploit was demoed by the winners live and can restore images that are up to several weeks old.
If you thought deleting images from your iPhone means they’re gone for good, think again. Winners at the Mobile Pwn2Own 2018 were able to recover images from iPhones that are up to several weeks old. The event brings together some of the most proficient hackers in the world, and it alternates between desktop and mobile hacking. The event does not endorse cybercrime in any way, and hackers are rewarded the prize money only if they abide by an ethical agreement set by the organizers.
Zero-day bugs have become a rarity in the iPhone scene as Apple has stepped up its bug bounty program which makes hackers inclined to report them to the tech giant instead of releasing them publicly. Participants at the Mobile Pwn2Own event have to showcase their exploits and get them to work in 30 minutes. The showcased exploit was successful at restoring images from iPhones and are bound not to reveal details until Apple got a chance to patch it. The exploit got a fair bit of attention and needless to say it should not be possible to use anymore.
That brings to an end #Pwn2Own Tokyo 2018! Congrats to team @fluoroacetate on earning 45 points and being crowned Master of Pwn! #P2OTokyo pic.twitter.com/5MVzayd5aF
— Zero Day Initiative (@thezdi) November 14, 2018
The iPhone exploit is possible because of a “deleted-but-not-overwritten” file management process in many platforms. Leftover data stays even after deletion at the disk sector level in iOS. The issue is not limited to iOS alone, even desktop hard drives are built that way, and deleted files can be recovered through the right software and recovery methods. File management systems are built this way to enable forensic recovery in case of storage failure.
Apple is likely to retain the file management system for iOS and simply prevent access that the exploit showcased. Hackers Cama and Zhu were able to exploit bugs in the Safari web browser to enable access to delete photos. Browser bugs such as the one showcased by the winners are often developed using exploitative web pages.
The hackers earned $50,000 for the exploit along with an additional $30,000 for exploiting a Xiaomi MI6 phone and $25,000 for a JavaScript bug on the same device. They also earn $60,000 for exploiting an iPhone X using Wi-Fi. If you want a workaround to delete your photos until the patch for the exploit hits, you can simply head to your Photos app on your iOS device and find the Recently Deleted settings which will allow you to remove photos from your storage permanently.
What do you think about the iPhone exploit? Let us know in the comments below. Come chat with us on Facebook and Twitter.