The vulnerabilities identified by Google on iOS would have allowed China to spy on members of the Uyghur ethnic group. In addition to iPhone, flaws in mobile Android and Windows have also been exploited to track down this community.
Recently, Futura evoked the discovery of flaws that affected several versions of iOS and therefore many iPhone. Since at least 2016, the hacking took place during the visit of malicious sites and via vulnerabilities of the Safari browser. If Apple deployed patches, the damage was done for many users.
However, according to the site TechCrunch, the Chinese state would have taken advantage of these flaws to spy on the community of Uighurs. This ethnic group based in Xinjiang Province is abused by the authorities because of its religious practice and its desire to maintain its cultural identity. The flaw then allowed Beijing to collect even encrypted messages via WhatsApp, Telegram or iMessage from the iPhone. In addition to this, the authorities were able to recover passwords and geolocate users.
iOS touched, but also Android and Windows
The malicious sites being consulted by the members of this community installed everywhere in the world, they too were hunted down. Still according to TechCrunch, to solve the problem radically, the FBI would have asked Google to de-index the sites in question. But here ... even if an update of iOS 12 distributed in February has plugged the flaw, Chinese authorities have also used other vulnerabilities in Android or Windows to continue their hunt for this community.
According to Forbes, Microsoft is committed to investigate and take the necessary steps to ensure the protection of its customers. For its part, for the moment, Apple has not commented on this case and as for Google, which has detected these vulnerabilities of iOS, it has not communicated on the flaws that affect its mobile OS. The Chinese government remains totally silent on the subject.
The iPhone has been the target of a massive attack for at least two years
Google security researchers have discovered a huge hacking operation targeting iPhone iOS 10-12 via web sites trapped to host malware. The breach was sealed in February by Apple.
Google's security experts discovered that a hacking operation had targeted the iPhone for at least two years, and was using malicious software to access photos, geolocate users, and others via web sites. data. In an article published Thursday, August 29 on the blog of Project Zero Google, experts believe that websites that have been hacked to host these attacks receive several thousand visitors a week. However, they did not specify which sites were affected.
"A simple visit to one of the hacked sites was enough for the operating server to attack your device, and, if successful, install a monitoring program," said Ian Beer, Project Zero. Once installed, the malicious software "will first steal the files and download the geolocation data," he added, adding that he was also able to access encrypted messages shared via applications such as Telegram, WhatsApp and iMessage. Google's instant messaging, Google Hangouts, and Gmail have also been affected, said Ian Beer in this publication, which provides details on how the malware has targeted and exploited the vulnerabilities of the iPhone.
All versions affected since iOS 10
Most of these flaws are in the default Safari web browser, according to Ian Beer, who says the Project Zero team found them in almost every operating system, from iOS 10, to current version iOS12. Once embedded in the iPhone, the malware transmitted captured data, including live geolocation, transmitted every minute. According to Ian Beer, Google informed Apple of these attacks in February, after which the giant Apple has issued a security patch for iOS 12.1.
The iPhone, which has long been Apple's cash cow, saw its turnover drop by 12% in the last quarter compared to last year, and now accounts for less than half of the group's revenues. . Apple is expected to present September 10 its new range of iPhone.