Published on September 5th, 2019 📆 | 5420 Views ⚑
0China hacked iPhones and Android devices to target Uyghur Muslims
Some of the sites had the capability to infect both Android phones and iPhones, a source familiar with multiple companies' research on the sites, some of which is not public, confirmed to CNN. It wasn't clear, however, that the sites were capable of hacking both types of phones at the same time.
The findings highlight just how powerful cyberespionage campaigns can be when governments with sufficient resources decide to spy on particular groups by compromising entire categories of websites and indiscriminately hacking the mobile users who access them.
The broad approach of the attacks could easily be repurposed for other groups, like Hong Kong protesters, said Adam Segal, the director of the Digital and Cyberspace Policy program at the Council on Foreign Relations.
"These are all outwardly facing websites, so you would expect that the capacity would be able to do the same to Taiwanese parties or Hong Kong student websites, or any other websites," Segal told CNN.
China has been resoundingly condemned by the international community recently for its treatment of Uyghurs, including putting them under intense, multifaceted surveillance.
Compromised websites include relatively popular Uyghur news sites and learning resources like the online Uyghur Academy.
"If you literally go searching for Uyghur websites, Uyghur news, these are the search results. They picked a pretty good set of targets to go after the Uyghur population," Volexity CEO Steven Adair told CNN.
iPhones also targeted
Volexity's research helps shed light on recent groundbreaking but mysterious research.
The team also described watering hole attacks. But unlike the attacks Volexity documented on Android phones, which exploited known vulnerabilities and wouldn't affect users who had updated their phones to the latest version of Android, the iPhone findings were shocking.
The team found that practically anyone who visited one of a handful of particular websites on an iPhone, generally regarded as one of the safest common devices on the planet, would be at risk of a monitoring implant being installed on their phone. Apple has since patched the vulnerability on all phones with the latest version of the iOS operating system.
Google declined to share who was affected, prompting a minor controversy in the security community. But a source familiar with Google's research confirmed that at least some of the URLs Volexity found targeting Uyghur Android users also went after iPhones.
On Wednesday, a source familiar with Project Zero's research confirmed that some of the URLs it saw overlapped with those in Volexity's report.
Nury Turkel, chairman of the Uyghur Human Rights Project, told CNN that while he had been unaware of the watering hole attacks, they were in line with what he has come to expect from China.
"This is the first time I'm seeing this particular report," Turkel told CNN. "But I can tell you that I am not surprised at this."
"When I was the head of the Uyghur American Association and the Uyghur Human Rights Project, we were constantly attacked. Our websites were shut down at times, and I was personally the target of email-based hacking attempts," Turkel said.
Google and Apple declined to comment on the record for this story.
Gloss