Google’s Project Zero team recently found multiple flaws in iOS that allowed hackers to gain access to an iPhone. The attack involved a small group of websites which targeted visitors’ devices to gain access to their personal information, as well as location data. Besides, the attack could also gather encrypted information from apps such as WhatsApp, iMessage, and Telegram.
According to sources, such websites have been running for two years, during which thousands of visitors possibly accessed them every week. Apple, however, was quick to roll out a fix for the flaw in iOS 12.1.4. Apple revealed in the update that the vulnerability, referred to as ‘memory corruption issues’, was fixed with ‘improved input validation. Hence, iPhone owners are most likely protected against these exploits, as a fix was rolled out for the same with iOS 12.1.4 on February 7.
That said, the perpetrator behind these attacks remained a mystery. Now, thanks to some digging by TechCrunch, it turns out that the culprit behind these attacks was the Chinese government.
The attack was apparently part of a campaign to gather surveillance on a minority Muslim group in China, the Uyghur community, residing in China’s Xinjiang territory. The Chinese government claims that Islamists militants and separatists target the country’s Xinjiang region. Reports indicate that China has forced nearly 2 million people from the Uyghur community and Muslim minorities into camps for indoctrination, prompting activists to call on China to stop such mass detention efforts.
Google revealed in its disclosure that merely visiting the infected sites was enough for the exploit to attack your device. Therefore, even people outside the Uyghur community may have been affected by this state-sponsored spy effort. Key sources also indicate that not only iPhone users were affected by the attack, but even devices running Android and Microsoft’s operating systems. With thousands of visitors accessing such malicious websites, it allowed the Chinese government to capture their private data as well as their location data.