New iOS exploit used to spy on China’s Uyghur minority

Security firm Volexity said Tuesday that it’s discovered a new iOS exploit that was being used to spy on China’s Uyghur minority.

Volexity named the exploit “Insomnia.” It works against iOS versions 12.3, 12.3.1, and 12.3.2. Note that the exploit can be triggered through any browser on the phone, as they all use WebKit. Volexity was able to confirm successful exploitation of a phone running 12.3.1 via the Apple Safari, Google Chrome, and Microsoft Edge mobile browsers.

Apple patched the vulnerability last July, with the release of iOS version 12.4.

Catalin Cimpanu for ZDNet:

Volexity said the Insomnia exploit was used in the wild between January and March 2020.

The exploit was loaded on the iOS devices of users visiting several Uyghur-themed websites. Once victims accessed the site, the Insomnia exploit was loaded on the device, granting the attacker root access.

Hackers used access to the device to steal plaintext messages from various instant messaging clients, emails, photos, contact lists, and GPS location data.

Volexity said the exploit was deployed by a threat actor the company is tracking under the name of Evil Eye.

The Evil Eye group is believed to be a state-sponsored hacking unit operating at Beijing’s behest, and spying on China’s Uyghur Muslim minority.

MacDailyNews Take: Obviously, visitors to Uyghur-themed websites should update their iOS devices to iOS 12.4 or later.

Volexity’s full report is here.

3 Comments

  1. Please, please help this naive soul understand….

    The article states, “Once victims accessed the site, the Insomnia exploit was loaded on the device, granting the attacker root access.”

    Does this literally mean that merely visiting a site, without selecting any link, gives the attacker access to the device?
