[ad_1]
<div _ngcontent-c15 = "" innerhtml = "
Getty
Apple users are still shocked by the shocking revelation from Project Zero's Google team that a number of "hacked websites" have been used to attack iPhones in the past two years. & Nbsp; And every updated iPhone is vulnerable. Two days later, these 1 billion users are facing new and overwhelming revelations.
I reported The news of Friday, August 30, and indicated at the time that the obvious implication was that the attack was aimed at a particular geographic location or demographic, which combined with the sophistication and the 39 obvious magnitude of this project, goes in the direction of a state sponsored actor of the threat. & nbsp;
Now, according to TechCrunch"Sources close to the case said that the websites were part of a state-backed attack – probably China – aimed at targeting the Uyghur community in Xinjiang state."
The fact that a nation-state is involved in a massive targeting of "locked" devices from Apple against part of its population, and that it has apparently escaped notice or censorship for two years or more, is a devastating shock for the Apple community. If China can do it, others can too. And the strong sense of security has been broken.
The news was unveiled just as Apple has confirmed the launch date of the upcoming iPhone 11, set for Sept. 10, and the magnitude of the revelations has dramatically reduced the usual luster of its annual event. The nature of hacking also highlights Apple's approach to software development, intrusion tests and patches. And, to the surprise of many, the Cupertino giant has been found missing.
As soon as Google revealed that the hacking "indicated a group making a sustained effort to hack the iPhone users of some communities over a period of at least two years", this implied that China or Russia were probably targeting an ethnic minority within the Union. their respective domains.
And China has always been the most likely culprit. Authorities in Xinjiang, where a million people belonging to the Uyghur Muslim minority would be buried in "recycling camps", have been at the forefront of using surveillance technology to monitor and oppress the population. This includes smartphone monitoring, facial recognition and citizen scoring.
TechCrunch quoted a source as saying that "websites also infected non-Uyghurs who inadvertently accessed these domains as they were indexed in Google search, prompting the FBI to alert Google to remove the index site to prevent infections ".
Google and the law enforcement authorities have not confirmed that the sites were indeed targeting Uyghurs, and some critics have also been reported that Google has not clarified anything at the time of the disclosure. It would have been useful for two reasons. First, there would be a siren call to potentially affected people to check their devices, change their passwords and look for compromises. Second, it would alleviate the concerns of the majority of the 1 billion iPhone users who, in the current state of affairs, could have been affected by the attack. Yes, only "thousands of people a week" were attacked. But what "thousands?"
"There was no target discrimination," said Google, "it was enough to visit the site hacked so that the operating server could attack your device and, if successful, install an implant monitoring." stung the bubble of supposed security superiority of Apple.
Google's research team "has been able to bring together five distinct, complete and unique iPhone exploit chains, covering almost all versions, from iOS 10 to the latest version of iOS 12. This indicated a group doing a sustained effort to hack iPhones users in some communities over a period of at least two years. "
For those whose devices were infected, "the attackers were able to gain highly privileged access to the essential components of the iPhone's operating system." An attack could access photos and messages, steal login credentials and bank passwords, and even location information. & Nbsp; These passwords could have been stored in the system without being deleted when accessing a website.
Now that we are headed to the Uyghurs, the reference to location information takes on added meaning. We know from several Xinjiang data breaches that the authorities are monitoring the location of the population.
Despite this reduction in the attack, Apple still has the problem that it would undermine confidence in the security of the brand. This disclosure is so severe, so damaging, and so intrusive to the nature of the vulnerability, that it will leave users wondering how such a serious range of defects could have been left open.
The other two questions raised by this question are, of course, if these exploits were in place for two years before being discovered, what else can we not know yet? & Nbsp; And was there a similar hack instead of targeted Android devices that were not found or were not disclosed?
More serious questions. Always a glaring lack of serious answers.
">
Getty
Apple users are still shocked by the shocking revelation from Project Zero's Google team that a number of "hacked websites" have been used to attack iPhones in the past two years. And every updated iPhone is vulnerable. Two days later, these 1 billion users are facing new and overwhelming revelations.
I reported the news on Friday [August 30], and stated at the time that the obvious implication was that the attack was aimed at a particular geographic or demographic group, which, with the obvious sophistication and scale involved, goes into the leadership of a threatening actor sponsored by a nation-state.
Now, according to TechCrunch, "sources close to the case said that the websites were part of a state-backed attack – probably from China – aimed at targeting the Uyghur community in the state. from Xinjiang. "
The fact that a nation-state is involved in a massive targeting of "locked" devices from Apple against part of its population, and that it has apparently escaped notice or censorship for two years or more, is a devastating shock for the Apple community. If China can do it, others can too. And the strong sense of security has been broken.
The news was unveiled just as Apple has confirmed the launch date of the upcoming iPhone 11, set for Sept. 10, and the magnitude of the revelations has dramatically reduced the usual luster of its annual event. The nature of hacking also highlights Apple's approach to software development, intrusion tests and patches. And, to the surprise of many, the Cupertino giant has been found missing.
As soon as Google revealed that the hacking "indicated a group making a sustained effort to hack the iPhone users of some communities over a period of at least two years", this implied that China or Russia were probably targeting an ethnic minority within the Union. their respective domains.
And China has always been the most likely culprit. Authorities in Xinjiang, where a million people belonging to the Uyghur Muslim minority would be buried in "recycling camps", have been at the forefront of using surveillance technology to monitor and oppress the population. This includes smartphone monitoring, facial recognition and citizen scoring.
TechCrunch quoted a source as saying that "websites also infected non-Uyghurs who inadvertently accessed these domains as they were indexed in Google search, prompting the FBI to alert Google to remove the index site to prevent infections ".
Google and the law enforcement authorities have not confirmed that the sites were indeed targeting Uyghurs, and some critics have also been reported that Google has not clarified anything at the time of the disclosure. It would have been useful for two reasons. First, there would be a siren call to potentially affected people to check their devices, change their passwords and look for compromises. Second, it would alleviate the concerns of the majority of the 1 billion iPhone users who, in the current state of affairs, could have been affected by the attack. Yes, only "thousands of people a week" were attacked. But what "thousands?"
"There was no target discrimination," said Google, "it was enough to visit the site hacked so that the operating server could attack your device and, if successful, install an implant monitoring." stung the bubble of supposed security superiority of Apple.
Google's research team "has been able to bring together five distinct, complete and unique iPhone exploit chains, covering almost all versions, from iOS 10 to the latest version of iOS 12. This indicated a group doing a sustained effort to hack iPhones users in some communities over a period of at least two years. "
For those whose devices were infected, "the attackers were able to gain highly privileged access to the essential components of the iPhone's operating system." An attack could access photos and messages, steal login credentials and bank passwords, and even access location information. And these passwords could have been stored in the system and not deleted when accessing a website.
Now that we are headed to the Uyghurs, the reference to location information takes on added meaning. We know from several Xinjiang data breaches that the authorities are monitoring the location of the population.
Despite this reduction in the attack, Apple still has the problem that it would undermine confidence in the security of the brand. This disclosure is so severe, so damaging, and so intrusive to the nature of the vulnerability, that it will leave users wondering how such a serious range of defects could have been left open.
Of course, the other two questions that this raises are: if these feats were in place for two years before being discovered, what else is there that we do not know yet? And was there a similar piracy in place that targeted Android devices that was not found or that was not revealed?
More serious questions. Always a glaring lack of serious answers.