iPhone X vulnerability can let hackers steal your deleted photos

Researchers have discovered a worrying and potentially extremely embarrassing iPhone X vulnerability. It could allow hackers to get their hands on your deleted photos and other files you may have thought you’d got rid of for good.

Richard Zhu and Amat Cama exposed the security flaw at Mobile Pwn2Own 2018 this week, and were awarded with $60,000 in prize money (via Forbes).

Read more: Apple Black Friday deals 2018

They demonstrated the exploit on an iPhone X running iOS 12.1 − at present the most up to date version of Apple’s mobile operating system. Apple has been informed of the vulnerability, but is yet to roll out a fix.

First, a little background. Deleting a picture or file on an iPhone isn’t as simple as you might think.

When you hit delete, it isn’t actually deleted straight away, but is instead sent to a ‘Recently Deleted’ folder. It will then sit there for up to 30 days, before being properly deleted.

During this time, you can dive into the Recently Deleted folder and either manually delete the file, or recover it.

Forbes reports that the Zhu and Cama found a way to access ‘Recently Deleted’ files by exploiting the iPhone X’s JIT (just-in-time) compiler − which is supposed to help iPhones run faster − via an attack over a malicious Wi-Fi access point.

Read more: Black Friday deals 2018

The Mobile Pwn2Own 2018 organisers described the attack as a “coffee shop scenario”, so fingers-crossed Apple rolls out a protective update sooner rather than later.

How much does this type of vulnerability worry you? Let us know over on Twitter @TrustedReviews.