The Google post said that hacked websites were used to “indiscriminately” attack individuals who visited them, through numerous critical vulnerabilities in iOS, the operating system that powers iPhones and iPads. These exploits were used to attack as many as thousands of victims per week, according to Google. However, according to Apple’s new statement, Google’s report left out or misrepresented key details.
Targets of attack: Apple’s new statement confirms that the hacking campaign targeted Uighurs, a Muslim minority in China, many of whom live in Xinjiang, a northwestern province where approximately a million people are being held in detention camps. A report last month detailed how Chinese officials put spyware apps on Uighurs’ phones, one of many surveillance techniques the government has used against Uighurs, Tibetans, and other dissidents.
Scale of attack: Apple disputed some key facts in Google’s report, which said that potentially thousands of iPhone users could have been hit every week in a two-year-long hacking campaign.
“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community,” Apple wrote. “Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.”
In a statement replying to Apple’s statement, a Google spokesperson said, “We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities.”
Length of attack: Apple asserted that the campaign lasted “roughly two months” and “not ‘two years’ as Google implies.”
Apple says it fixed the problem shortly after it became aware of it. iPhone users who have updated their phones’ operating systems are protected.
Impact of attack: The overall thrust of Google’s report is not in question. The attack is one of the most serious, and successful, attacks ever perpetrated against iPhones. Not only is the number of people who were affected unclear, but so too is the impact on those individuals.
Amnesty International has detailed what it describe as “an effort by the Chinese government to wipe out religious beliefs and aspects of cultural identity in order to enforce political loyalty for the State and the Communist Party of China.”
Apple, which does a large amount of business in China, never names the country, or the Chinese government, in its statement. Google likewise avoided any such characterizations.