Software Integrity Blog


How to exploit the iOS thumbnail restoration vulnerability

In the fall, the headlines were littered with news of the “iCloud Data Breach.” This exposed nude photographs of celebrities and potentially left all iCloud accounts vulnerable to exposure.

A lapse in proper security controls

Fingers were pointed and people and companies were blamed for the breach. However, it all boils down to a lapse in proper security controls to prevent attacks; that control is the one that allowed access to iCloud accounts by adversaries. Updates are made to mobile phone software and pushed to users across the globe where they are given the option to update or not. Many times, users do not update their phone. Part of that may be because the users don’t understand what security flaws or bugs are being fixed by updating their software.

If users are aware of bug updates, it is typically of one big bug and not all of the bugs that are being fixed. Often times, it can take several releases before a known bug is fixed.

Thumbnail restoration issue

Related to the leaked celebrity news is the bug we’ll discuss below that was reported in 2013 and was not fixed until the release of iOS 7.1, March 2014. The thumbnail restoration issue is a vulnerability which stemmed from a problem seen across many applications and assessments, the caching of information. Caching can be a very good thing in order to increase loading time and create a more favorable user interface, but it can have consequences as well. In the iOS case, photos were cached in the gallery and a malicious user could recover the cached photos by saving a simple transparent image in its place. Given the recent events, a scenario could play out like this:

  1. Alice takes several photographs she doesn’t want to share with anyone. Later she decides to delete them so anyone with her phone cannot open the photo gallery and see the photos.
  2. Bob is hanging out with Alice and wants to see what she been up to. When Alice goes to the other room, Bob accesses her phone and saves several transparent images into her camera roll. These images reveal what photos were once there and had been deleted.

Learn more about iOS security


More by this author