Uighurs targeted in iPhone attack

56

Apple Inc confirmed China’s Uighurs, a mostly Muslim minority group considered a security threat by Beijing, had been the target of attacks due to iPhone security flaws, but disputed rival Alphabet Inc’s description of the effort to track users of the smartphone in real time.

Google Project Zero researchers said five security flaws led to a “sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”

The researchers did not specify the communities, but CNN, TechCrunch and other news organisations reported the attacks were aimed at monitoring Uighurs. Reuters recently reported China hacked Asian telecommunications companies to spy on Uighur travellers.

Apple said the attack “was narrowly focused” and affected “fewer than a dozen websites that focus on content related to the Uighur community” rather than the “en masse” hack of iPhone users described by Google researchers. Apple said it fixed the issue in February, within 10 days of being notified by Google.

Apple said evidence suggested the website attacks lasted two months, rather than the two years that Google researchers suggested.

“Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users their devices are compromised,” Apple said in a newsroom post. “This was never the case.”

In a statement, Google stood by its findings and would continue to work with Apple and other companies to find and fix flaws.

“Project Zero posts technical research designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies,” Google said. “We stand by our in-depth research written to focus on the technical aspects of these vulnerabilities.”



Google and Apple are rivals in the smartphone market, where their iOS and Android operating systems vie for users. Google’s Project Zero research team is focused on finding security flaws from a wide range of software and hardware firms, not solely Apple. Last year the group played a key part in finding security flaws in Intel Corp chips.