[ad_1]
SAN FRANCISCO: According to a report released on Tuesday (September 24th), sophisticated Chinese hackers have used an unknown iPhone security flaw to target the ethnic minority of Uighurs.
This was the first detected use of malicious software against exiled Tibetans, who protested against Chinese rule over the mountainous region, requiring a simple click on a mobile device to function, said the experts at Citizen Lab.
The link with the recently disclosed Uyghur campaign suggests that forces likely to work with the Chinese government are stepping up efforts to monitor key minorities, said the non-profit group.
Citizen Lab, based at the University of Toronto, said he had collaborated with the recently established Tibetan CERT to monitor cyber attacks, which occurred between November 2018 and May 2019.
During these attacks, people posing as human rights defenders or journalists contacted Tibetan group personalities via Facebook's WhatsApp email service, according to screenshots published in the Citizen Lab report.
READ: Apple claims that Uyghurs are targeted by an attack on the iPhone but disputes the conclusions of Google
READ: For Uyghur refugees, freedom means losing one's family
By using well-designed cover articles, they have tried to get targets to click on links to websites that have installed spyware on Apple or Android devices.
Tibetans known to have clicked the links were protected by patches that had been released for security breaches and had updated their phones.
Spyware for iPhones was also used to target Uyghurs as part of a campaign discovered by Google's security researchers and leaked this month.
An Apple spokesman said that the attack tools did not work against Tibetans who had updated their iPhone.
"We always encourage our customers to download the latest version of iOS to benefit from the latest and greatest security enhancements," said spokesman Todd Wilder.
China is increasingly criticized by the international community for treating Uighurs in Xinjiang. The group members have been subjected to massive detentions in what China calls "vocational training" centers and extensive state surveillance.
A website hosting the Android tools had also provided malware to Uighur Android phones as part of an operation exposed this month by the Volexity security company, lurking on websites frequented by Uyghurs.
& # 39; NEXUS WITH CHINA & # 39;
The two spying attempts are now conclusively linked, as well as to Tibetan hacking, said Citizen Lab senior researcher Bill Marczak.
"It's probably an operator or a small number of operators working closely together," Marczak said.
"There is a very clear link with China, it does not automatically mean that it is the government, it is a bit difficult to say from a technical point of view. Is likely, "he added.
Uighur hackers included a "water hole" approach, tainting a common Internet gathering place for targets, prompting the Citizen Lab's search for similar infections at sites frequented by the Tibetan community.
They found none, but a similar attack by the Tibetans might have escaped their attention.
"There will definitely be more targets than we do not know," said Lobsang Gyatso, secretary of TibCERT. He added that the group would use the report to raise awareness of tactics and promote better defense.
Google's report on water points has alarmed human rights defenders and security experts because it included an unusual case of using a fault in the area. IPhone to target a large population instead of being reserved for high priority individuals.
Once widely used, loopholes of up to $ 1 million in the digital weapons market may be discovered and become obsolete with new remedies.
Although Tibetans have been targeted by Chinese hackers for many years, Marczak said the new attempts represent a worrying intensification of efforts.
[ad_2]
Source link