By John Gruber
Streaks: The to-do list that helps you form good habits. For iPhone, iPad and Mac.
Zack Whittaker, reporting for TechCrunch:
A number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims, TechCrunch has learned.
Sources familiar with the matter said the websites were part of a state-backed attack — likely China — designed to target the Uyghur community in the country’s Xinjiang state.
It’s part of the latest effort by the Chinese government to crack down on the minority Muslim community in recent history. In the past year, Beijing has detained more than a million Uyghurs in internment camps, according to a United Nations human rights committee.
Google’s Project Zero team discovered these exploits early this year, and Apple closed them shortly thereafter. This week, the Project Zero team published their findings, and it’s really extraordinary work. What makes this case so unusual is that these sort of exploits are worth millions of dollars, and they are typically used very selectively to target individuals. What the Project Zero team discovered was different:
Earlier this year Google’s Threat Analysis Group (TAG) discovered a small collection of hacked websites. The hacked sites were being used in indiscriminate watering hole attacks against their visitors, using iPhone 0-day.
There was no target discrimination; simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant. We estimate that these sites receive thousands of visitors per week.
TAG was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.
What Project Zero did not reveal is where these infected websites were located, or what group(s) they were targeting. Now, we apparently know: it was the Chinese government targeting Uyghur Muslims.
★ Monday, 2 September 2019