Skip to main content

Report: China used iPhone website exploit attacks to target Uyghur Muslims

A few days ago, Google Project Zero security researchers detailed a chain of malicious website exploits targeting iPhone users. Now, TechCrunch reports that the Chinese government used these attacks to target Uyghur Muslims.

Citing sources familiar with the matter, TechCrunch says that the malicious websites used to hack into iPhones, first detailed by Google, were part of a “state-backed attack,” likely from China, designed to “target the Uyghur community in the country’s Xinjiang state.”

The report goes on to detail that according to United Nations data, Beijing has detained “more than 1 million Uyghurs in internment camps” over the last year.

Google researchers first explained that the victims were tricked into opening a link which would direct them to an infected webpage. On that webpage, the malware was deployed. The implant “primarily focused on stealing files and uploading live location data,” as often as every 60 seconds. Because the end device itself had been compromised, services like iMessage were also affected, researchers said.

When Google security researchers first detailed this attack, it was unclear who it was specifically targeting. TechCrunch’s report now provides more detail on that.

The websites were part of a campaign to target the religious group by infecting an iPhone with malicious code simply by visiting a booby-trapped web page. In gaining unfettered access to the iPhone’s software, an attacker could read a victim’s messages, passwords, and track their location in near-real time.

The report adds that the websites in question would also infect non-Uyghurs who happened to visit the infected website. The domains were indexed in Google search results, which made it relatively easy for anyone to stumble upon them.

Apple closed the vulnerability taken advantage of here with the release of iOS 12.1.4 back in February. Apple has not yet commented on these new reports detailing the scope and target of the attacks.

FTC: We use income earning auto affiliate links. More.

Jamf
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Subscribe to 9to5Mac on YouTube for more Apple news:

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications