The Google post said that hacked websites were used to “indiscriminately” attack individuals who visited them, through numerous critical vulnerabilities in iOS, the operating system that powers iPhones and iPads. These exploits were used to attack as many as thousands of victims per week, according to Google. However, according to Apple’s new statement, Google’s report left out or misrepresented key details.
Targets of attack: Apple’s new statement confirms that the hacking campaign targeted Uighurs, a Muslim minority in China, many of whom live in Xinjiang, a northwestern province where approximately a million people are being held in detention camps. A report last month detailed how Chinese officials put spyware apps on Uighurs’ phones, one of many surveillance techniques the government has used against Uighurs, Tibetans, and other dissidents.
Scale of attack: Apple disputed some key facts in Google’s report, which said that potentially thousands of iPhone users could have been hit every week in a two-year-long hacking campaign.
“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community,” Apple wrote. “Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.”
In a statement replying to Apple’s statement, a Google spokesperson said, “We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities.”
Length of attack: Apple asserted that the campaign lasted “roughly two months” and “not ‘two years’ as Google implies.”
Apple says it fixed the problem shortly after it became aware of it. iPhone users who have updated their phones’ operating systems are protected.
Impact of attack: The overall thrust of Google’s report is not in question. The attack is one of the most serious, and successful, attacks ever perpetrated against iPhones. Not only is the number of people who were affected unclear, but so too is the impact on those individuals.
Amnesty International has detailed what it describe as “an effort by the Chinese government to wipe out religious beliefs and aspects of cultural identity in order to enforce political loyalty for the State and the Communist Party of China.”
Apple, which does a large amount of business in China, never names the country, or the Chinese government, in its statement. Google likewise avoided any such characterizations.
Erik Prince wants to sell you a “secure” smartphone that’s too good to be true
MIT Technology Review obtained Prince’s investor presentation for the “RedPill Phone,” which promises more than it could possibly deliver.
Corruption is sending shock waves through China’s chipmaking industry
The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.
Inside the software that will become the next battle front in US-China chip war
The US has moved to restrict export of EDA software. What is it, and how will the move affect China?
Hackers linked to China have been targeting human rights groups for years
In a new report shared exclusively with MIT Technology Review, researchers expose a cyber-espionage campaign on “a tight budget” that proves simple can still be effective.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.