Skip to Content
Computing

Apple says China’s Uighur Muslims were targeted in the recent iPhone hacking campaign

The tech giant gave a rare statement that bristled at Google’s analysis of the novel hacking operation.

An Apple store in Shanghai. Photo: Richard Schneider CC BY NC  2.0
An Apple store in Shanghai. Photo: Richard Schneider CC BY NC 2.0Photo: Richard Schneider CC BY NC 2.0

In the wake of one of the worst attacks ever against iPhone and iPad security, Apple issued a rare statement on Friday rebutting claims about the attack made by Google in a blog post last week.

The Google post said that hacked websites were used to “indiscriminately” attack individuals who visited them, through numerous critical vulnerabilities in iOS, the operating system that powers iPhones and iPads. These exploits were used to attack as many as thousands of victims per week, according to Google. However, according to Apple’s new statement, Google’s report left out or misrepresented key details.

Targets of attack: Apple’s new statement confirms that the hacking campaign targeted Uighurs, a Muslim minority in China, many of whom live in Xinjiang, a northwestern province where approximately a million people are being held in detention camps. A report last month detailed how Chinese officials put spyware apps on Uighurs’ phones, one of many surveillance techniques the government has used against Uighurs, Tibetans, and other dissidents.

Scale of attack: Apple disputed some key facts in Google’s report, which said that potentially thousands of iPhone users could have been hit every week in a two-year-long hacking campaign. 

“First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community,” Apple wrote. “Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.”

In a statement replying to Apple’s statement, a Google spokesperson said, “We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities.”

Length of attack: Apple asserted that the campaign lasted “roughly two months” and “not ‘two years’ as Google implies.”

Apple says it fixed the problem shortly after it became aware of it. iPhone users who have updated their phones’ operating systems are protected.

Impact of attack: The overall thrust of Google’s report is not in question. The attack is one of the most serious, and successful, attacks ever perpetrated against iPhones. Not only is the number of people who were affected unclear, but so too is the impact on those individuals.

Amnesty International has detailed what it describe as “an effort by the Chinese government to wipe out religious beliefs and aspects of cultural identity in order to enforce political loyalty for the State and the Communist Party of China.”

Apple, which does a large amount of business in China, never names the country, or the Chinese government, in its statement. Google likewise avoided any such characterizations.

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

VR headsets can be hacked with an Inception-style attack

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.