Apple users are still reeling from the shocking disclosure by Google's Project Zero team that a number of "hacked websites" have been used to attack iPhones for two years. And every single up-to-date iPhone has been vulnerable. Now, two days later, those same 1 billion users face further damning revelations.
I reported the news on Friday [August 30], and said at the time that the clear implication is that the attack targeted a particular geographic or demographic, which, along with the clear sophistication and scale involved, points in the direction of a nation state sponsored threat actor.
Now, according to TechCrunch, "sources familiar with the matter have said that the websites were part of a state-backed attack—likely China—designed to target the Uighur community in the country’s Xinjiang state."
The fact that a nation state is implicated in a mass targeting of Apple's "locked down" devices against a section of its population, and seemingly escaped notice or censure for two years or more, is a devastating shock to the Apple community. If China can do this, then others can as well. And the solid sense of security has been shattered.
More details and discussion of impacts/implications...
To be clear (not that it's any better) this is a case of China attacking its own citizens. Awful. But once the genie is out of the bottle, who's to say what group is next?
Another reason why I never, ever store my bank information on any website or "pay" application. Sure, it's convenient, but I've never felt like it's really secure.
Posts: 35428 | Location: West: North and South! | Registered: 20 April 2005
Some idealistic computer people have always pushed the notion that modern technology and the decentralized web would usher in an era of freedom from government. At the same time, others have countered this narrative with arguments that digital technology set up a race between independent-minded entrepreneurs who pushed the boundaries of freedom and atomization and well-organized nation states determined to shape the online world toward state goals. My money is on the latter.
Posts: 12759 | Location: Williamsburg, VA | Registered: 19 July 2005
It went beyond Apple devices. This does not come as a surprise.
quote:
The unprecedented attack on Apple iPhones revealed by Google this week was broader than first thought. Multiple sources with knowledge of the situation said that Google’s own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China. That community has long been targeted by the Chinese government, in particular in the Xinjiang region, where surveillance is pervasive.
Google’s and Microsoft’s operating systems were targeted via the same websites that launched the iPhone hacks, according to the sources, who spoke on the condition of anonymity.
That Android and Windows were targeted is a sign that the hacks were part of a broad, two-year effort that went beyond Apple phones and infected many more than first suspected. One source suggested that the attacks were updated over time for different operating systems as the tech usage of the Uighur community changed. Android and Windows are still the most widely used operating systems in the world. They both remain hugely attractive targets for hackers, be they government-sponsored or criminal.