Apple: Uighurs targeted by iPhone hack, but Google is off base

Big tech firms disagree on scale of cyberattack against China’s Muslim minority – and on the scope of vulnerabilities.

Osaka Hosts The G20 Summit
Though the company confirmed that Uighurs were targeted, Apple refuted Google's analysis that five security flaws caused a 'sustained effort to hack the users of iPhones in certain communities over a period of at least two years' [Takashi Aoyama/Getty Images]

Apple Inc has confirmed that Uighurs, a mostly Muslim minority group considered a security threat by the government of China, were the target of attacks due to iPhone security flaws.

But Apple on Friday disputed the description by rival Alphabet Inc of the effort to track users of smartphones in real time.

Cyber analysts at Google’s Project Zero said last week that five security flaws led to a “sustained effort to hack the users of iPhones in certain communities over a period of at least two years”.

The researchers did not specify the communities affected, but CNN, TechCrunch and other news organisations reported that the attacks had been aimed at monitoring Uighurs. The Reuters news agency recently reported that China hacked Asian telecommunications companies to spy on Uighur travellers.

Apple said on Friday that the attack “was narrowly focused” and affected “fewer than a dozen websites that focus on content related to the Uighur community” rather than the “en masse” hack of iPhone users described by Google researchers.

‘Better defensive strategies’

For its part, Apple also said it fixed the issue in February, within 10 days of being notified by Google.

Apple said evidence suggested that the website attacks lasted only two months, rather than the two years that Google researchers had suggested.

Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time’, stoking fear among all iPhone users that their devices had been compromised,” Apple said in a newsroom post. “This was never the case.”

In a statement, Google said it stood by its findings and would continue to work with Apple and other companies to find and fix flaws.

“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies,” Google said in a statement. “We stand by our in-depth research, which was written to focus on the technical aspects of these vulnerabilities.”

Google and Apple are rivals in the smartphone market, where their Android and iOS operating systems vie for users.

However, Google’s Project Zero team of researchers is focused on finding serious security flaws from a wide range of software and hardware firms, including Apple. Last year, the group played a key part in finding security flaws in chips made by Intel Corp.

Source: Reuters