Pwn2Own Winners Find Way to Access Deleted Files on iPhone

If you think that deleting embarrassing photos off your phone is simple, well think again. This year’s Pwn2Own competition winners proved that hackers can still access deleted files on iPhone without having to break a sweat. Read on for the full story.

Access Deleted Files on iPhone – Full Story

Just like any competitive “sport”, hacking has its own Olympic-leveled competition: Pwn2Own. This year, the winners of Pwn2Own, hackers Richard Zhu and Amat Cama (team name: Fluoroacetate) exploited weaknesses in the Safari browser to retrieve deleted files on iPhone X.

Confirmed! The @fluoroacetate duo combined a bug in JIT with an Out-Of-Bounds Access to exfiltrate data from the iPhone. In the demo, they grabbed a previously deleted photo. In doing so, they earn themselves $50K and 8 Master of Pwn points. #P2OTokyo

— Zero Day Initiative (@thezdi) November 14, 2018

Fluoroacetate also successfully hacked:

• Xiaomi Mi6: managed to force the phone to launch a browser automatically and download a working exploit. They also used a JavaScript bug to exfiltrate data from the device.
• Samsung Galaxy S9: took over the phone by exploiting a bug in the phone’s baseband firmware.
• iPhone X: exploited the phone by tapping into a Wi-Fi bug.

According to the proceedings of the competition, the iPhone hack in question was demonstrated in a “coffee shop scenario”. In other words, team Fluoroacetate demonstrated how a hacker can access files that you previously thought deleted even in locales as inconspicuous as coffee shops.

How to Properly Delete Files on iPhone

Now, this might seem like a terrifying hack for most smartphone users in general. The good news is that the Pwn2Own competition isn’t about black-hat hacking at all. In fact, the tech companies that manufacture/develop the hacked devices get notified of all the vulnerabilities and exploits found in the competition. Despite that, iPhone users still have a way of permanently deleting their files.

See, there are 2 stages in the lifecycle of a deleted file. Before being permanently erased, all of your photos will be stored in the Recently Deleted file for 30 days. In order to permanently delete the files on iPhone, follow these steps:

1. Open Photos.
2. Go to Albums.
3. Open the Recently Deleted album. Select it.
4. Tap on Delete.

After these steps, you’ll permanently remove any deleted photos off your phone.

Pwn2Own Winners Find Way to Hack into Deleted Files on iPhone – Final Thoughts

I’m glad a story like this ended up making its rounds on the internet. Many people don’t consider how their mobile-habits affects their privacy and security. News like this helps the message of data privacy and security reach more people worldwide.

Operating Systems are never 100% bug-free, so we should all take the time to make sure we’re doing all we can to keep our information secure from our end. If you’re interested in doing that, check out our articles on keeping your iPhone and your Android phone as safe as you can.