Apple says Uighurs targeted in iPhone attack but disputes scope of Google’s claim

Stephen Nellis for Reuters:

Apple Inc on Friday confirmed that China’s Uighurs, a mostly Muslim minority group considered a security threat by Beijing, had been the target of attacks due to iPhone security flaws, but disputed rival Alphabet Inc’s description of the effort to track users of the smartphone in real time.

Google Project Zero researchers said last week that five security flaws led to a “sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”

The researchers did not specify the communities, but CNN, TechCrunch and other news organizations reported that the attacks had been aimed at monitoring Uighurs. Reuters recently reported that China hacked Asian telecommunications companies to spy on Uighur travelers.

Apple said on Friday the attack “was narrowly focused” and affected “fewer than a dozen websites that focus on content related to the Uighur community” rather than the “en masse” hack of iPhone users described by Google researchers. Apple also said it fixed the issue in February, within 10 days of being notified by Google.

Apple said evidence suggested that the website attacks lasted only two months, rather than the two years that Google researchers had suggested.

MacDailyNews Take: Basically, Google made a mountain out of a molehill. Google — who, without the iPhone to copy, would still be peddling BlackBerry knockoffs with beards of buttons — blew an iPhone vulnerability completely out of proportion to the point where Apple had to make a public statement refuting their obscenely overblown claims.

  1. Ethical Google… the greatest oxymoron of them all. How appropriate that they piggybacked on the corruption of the Chinese government to dishonestly attack their rival whilst not mentioning that Android was part of the same attack.

    1. More than bullshit… not only did Google use this to dishonestly score points against its main rival, but also failed to mention the real villain – China – in order to protect its own interests. Did they really think no one would notice? Just like Facebook, Google increasingly lives inside its own parallel universe divorced from reality (and ethics).

    1. Thanks for the vid link. That was very informative. Maybe Project Zero should be somehow ‘spun-off’ so that any vulnerabilities for Google products would also necessarily have to be ‘aired’ and not just handled internally.

  2. Are Apple and Google talking about the same thing? Is Apple claiming the ‘infection’ was only possible during 2 months where Google is claiming that the ‘results’ (e.g. tracking, listening, extraction of data) of the malware exploits after infection went on for 2 years?

    While we know now that P-zero reported the finding to Apple and Apple fixed it in Feb this year, it is also still unclear when the sites were hacked to attach malware to visitor devices.

    There was also mention of user info up to six degrees of separation from the infected devices possibly being affected. Is there any more coverage on that point?

    While I understand it’s bad to make a mountain of a molehill, the converse is also true. Especially since iOS users in general have been conditioned to assume a ‘higher’ level of security for their devices.

  3. I have always suspected that Project Zero was nothing more than a research facility with the sole intention of finding vulnerabilities in other operating systems in order to embarrass the competition.
    They have never been an ethical organisation independent from Google.

    1. If true why is Apple still doing business with Google? Apple (like Adobe Flash before Google) doesn’t need them and the same goes for Amazon, Facebook or Twitter.

