quote:

Apple users are still reeling from the shocking disclosure by Google's Project Zero team that a number of "hacked websites" have been used to attack iPhones for two years. And every single up-to-date iPhone has been vulnerable. Now, two days later, those same 1 billion users face further damning revelations.

I reported the news on Friday [August 30], and said at the time that the clear implication is that the attack targeted a particular geographic or demographic, which, along with the clear sophistication and scale involved, points in the direction of a nation state sponsored threat actor.

Now, according to TechCrunch, "sources familiar with the matter have said that the websites were part of a state-backed attack—likely China—designed to target the Uighur community in the country’s Xinjiang state."

The fact that a nation state is implicated in a mass targeting of Apple's "locked down" devices against a section of its population, and seemingly escaped notice or censure for two years or more, is a devastating shock to the Apple community. If China can do this, then others can as well. And the solid sense of security has been shattered.

quote:

The unprecedented attack on Apple iPhones revealed by Google this week was broader than first thought. Multiple sources with knowledge of the situation said that Google’s own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China. That community has long been targeted by the Chinese government, in particular in the Xinjiang region, where surveillance is pervasive.

Google’s and Microsoft’s operating systems were targeted via the same websites that launched the iPhone hacks, according to the sources, who spoke on the condition of anonymity.

That Android and Windows were targeted is a sign that the hacks were part of a broad, two-year effort that went beyond Apple phones and infected many more than first suspected. One source suggested that the attacks were updated over time for different operating systems as the tech usage of the Uighur community changed. Android and Windows are still the most widely used operating systems in the world. They both remain hugely attractive targets for hackers, be they government-sponsored or criminal.