Ethnic Uighur women leave a detention center where political education lessons are held in Kashgar, China in September 2018.
Apple said on Friday that a massive phone hacking scheme that affected Apple and Android phones targeted Uighurs, a persecuted Muslim ethnic minority group, whose people have been imprisoned by the Chinese government.
In a blog post, the iPhone maker took issue with some of the findings released by Google researchers last week that publicized vulnerabilities on Apple’s iOS operating system, noting that Google’s disclosure came six months after Apple had patched them. Apple claimed that Google’s research created “the false impression” of a “mass exploitation” and that the attacks were only operational for two months, not two years as first implied by Google.
In the same post, Apple confirmed earlier reporting and research that the website-based attacks, in which users visited compromised websites and jeopardized the security of their iPhones and Android devices, focused on Uighurs, a minority Turkic group which includes more than 11 million people living in Xinjiang, a region in northwest China.
“The attack affected fewer than a dozen websites that focus on content related to the Uighur community,” Apple said. “Regardless of the scale of the attack, we take the safety and security of all users extremely seriously.”
Xinjiang is one of the most surveilled places in the world and the Chinese government has been cracking down on the ethnic minorities who live there under the guise of public safety. Since 2017, more than a million people have been detained in internment camps in Xinjiang in a practice that’s been decried by the US government and the international community.
A source familiar with the situation told BuzzFeed News that the hack emanated from China. An Apple spokesperson did not immediately return a request for comment.
In what was a strong rebuke of Google’s findings, Apple’s post declared that the “sophisticated attack” did not target iPhones “en masse.” While Google did not reveal how many devices were ultimately infected, it noted last week that “simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.”
“We estimate that these sites receive thousands of visitors per week,” Ian Beer of Google’s Project Zero wrote in the post.
Apple gave no indication of how many Apple devices were compromised by the exploit.
“We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it,” the company said. “When Google approached us, we were already in the process of fixing the exploited bugs.”
Ryan Mac is a senior tech reporter for BuzzFeed News and is based in San Francisco.