A few days ago, Google security researchers described a series of exploits that enabled what is probably the largest iPhone hack of all time. Now more details about this unbelievable case became known.
The US blog TechCrunch reports that the Chinese government initiated these attacks against Uighur Muslims. The technology blog cites sources familiar with the matter. The infected websites that made the hack possible in the first place are said to have been part of a "state-sponsored attack". The initiator was China - according to TechCrunch. The hackers targeted the Uighur community in the state of Xinjiang. Forbes also claims to have learned this. According to the report, according to the United Nations, Beijing is said to have held more than a million Uighurs in political re-education camps last year alone. Google's Project Zero team explained in its report that the victims were tricked into opening a link that took them to an infected website. On this website, the malware was used in the form of a digital implant. This focused on stealing various data and uploading current locations.
Not only iPhone users affected
Even the iCloud keychain was no longer secure on compromised devices. In addition to various iPhone models, Android and Windows devices were also affected. When security researchers at Google first documented this attack, it was unclear who it was aimed at. Now reports from Forbes and TechCrunch have provided more details and show that the discovery is far larger than previously thought. The affected websites were part of a campaign aimed at this religious group. However, all visitors were infected - including non-Uighurs.
The sites themselves, which are not named for security reasons, were so popular, according to Google, that they were automatically indexed in Google's search engine. According to recent reports, the FBI has asked Google's parent company Alphabet to remove the affected websites from the search index in order to protect users from further attacks. iPhone users are no longer at risk, as Apple closed the vulnerabilities with the release of iOS 12.1.4 in February of this year. The company has not yet commented on the new reports. (Photo by kentoh / Bigstockphoto)
