Skip to Content
Computing

Apple says China’s Uighur Muslims were targeted in the recent iPhone hacking campaign

The tech giant gave a rare statement that bristled at Google’s analysis of the novel hacking operation.

An Apple store in Shanghai. Photo: Richard Schneider CC BY NC  2.0
An Apple store in Shanghai. Photo: Richard Schneider CC BY NC  2.0
An Apple store in Shanghai. Photo: Richard Schneider CC BY NC 2.0Photo: Richard Schneider CC BY NC 2.0

In the wake of one of the worst attacks ever against iPhone and iPad security, Apple issued a rare statement on Friday rebutting claims about the attack made by Google in a blog post last week.

The Google post said that hacked websites were used to “indiscriminately” attack individuals who visited them, through numerous critical vulnerabilities in iOS, the operating system that powers iPhones and iPads. These exploits were used to attack as many as thousands of victims per week, according to Google. However, according to Apple’s new statement, Google’s report left out or misrepresented key details.

Targets of attack: Apple’s new statement confirms that the hacking campaign targeted Uighurs, a Muslim minority in China, many of whom live in Xinjiang, a northwestern province where approximately a million people are being held in detention camps. A report last month detailed how Chinese officials put spyware apps on Uighurs’ phones, one of many surveillance techniques the government has used against Uighurs, Tibetans, and other dissidents.

Scale of attack: Apple disputed some key facts in Google’s report, which said that potentially thousands of iPhone users could have been hit every week in a two-year-long hacking campaign. 

“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community,” Apple wrote. “Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.”

In a statement replying to Apple’s statement, a Google spokesperson said, “We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities.”

Length of attack: Apple asserted that the campaign lasted “roughly two months” and “not ‘two years’ as Google implies.”

Apple says it fixed the problem shortly after it became aware of it. iPhone users who have updated their phones’ operating systems are protected.

Impact of attack: The overall thrust of Google’s report is not in question. The attack is one of the most serious, and successful, attacks ever perpetrated against iPhones. Not only is the number of people who were affected unclear, but so too is the impact on those individuals.

Amnesty International has detailed what it describe as “an effort by the Chinese government to wipe out religious beliefs and aspects of cultural identity in order to enforce political loyalty for the State and the Communist Party of China.”

Apple, which does a large amount of business in China, never names the country, or the Chinese government, in its statement. Google likewise avoided any such characterizations.

Deep Dive

Computing

Conceptual illustration of quantum computing circuity, in multiple colors
Conceptual illustration of quantum computing circuity, in multiple colors

Quantum computing has a hype problem

Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.

winning team for Pwn2own 2022
winning team for Pwn2own 2022

These hackers showed just how easy it is to target critical infrastructure

Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.

child outside a destroyed residential building in Kiev
child outside a destroyed residential building in Kiev

Russia hacked an American satellite company one hour before the Ukraine invasion

The attack on Viasat showcases cyber’s emerging role in modern warfare.

Russia is risking the creation of a “splinternet”—and it could be irreversible

If Russia disconnects from—or is booted from— the internet’s governing bodies, the internet may never be the same again for any of us.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.