Posted on September 7, 2019 at 11:16 AM
It is widely known that Apple tends to take security a lot more seriously than Android, which is why it was quite a revelation when Google’s Project Zero recently announced that a new malicious threat could hack iPhones that visit certain websites. The websites in question do not target iPhone users in general, but members of the Uyghur Muslim community.
Malicious websites can infect iPhones, Google warns
According to Google’s Project Zero team, there were multiple websites offering content related to the Uyghur community, and anyone who visits them would have their device infected with malware. The malware would then be able to take control of the device, steal photos, harvest passwords, and even install additional malicious apps, among other things.
Google’s announcement, posted on August 30th, did not specify which websites are malicious, although Apple provided more details in the last few days.
In fact, Apple called out Google for misleading the public with a report that they consider to be alarmist. According to Apple, Project Zero has made the situation look significantly larger than it is. While the threat is real, and Apple does not deny the malicious websites’ existence, it claims that some details were made to seem more damning than they actually are.
For example, Google’s Project Zero team seems to indicate that the malware has been on the loose for around two years now. Apple, on the other hand, claims that the real period is much shorter: only two months. In fact, Apple’s announcement, issued this Friday, indicates that the attack is sophisticated but also quite narrowly focused, rather than a broad-based exploit of iPhones worldwide, as Google’s team has indicated.
Furthermore, the attack did not even affect a dozen websites. However, it is true that all of the affected websites feature Uyghur community-related content. Now, neither company has said it in their statements, but it is quite well known that the Chinese government has been making moves against the Uyghur Muslim community in China.
According to past reports, over 1 million people in China’s Xinjiang region were detained by the government, and modern technology (such as face recognition) has played a big part in human rights abuses. Not only that, but some reports claim that the government also forced visitors to this region to download malware on their devices so that they would be scanned in search of Islam-related content.
With all of that in mind, it would not be surprising if China had something to do with the new string of malicious websites, particularly since its government is known for collaborations with hacking groups.
Apple already knew about the threat when Google reached out
A security firm known as Volexity issued a report last Monday, detailing a hacking campaign that is targeting Uyghur Muslims in China, stating that 11 websites were compromised and that they are targeting Android devices in a similar way. As for Apple, the tech giant stated that they take security and safety of all of their users extremely seriously and that Google’s post about the malicious websites actually came around six months after the flaws in iOS were patched.
In other words, Google’s claims about mass exploitation or monitoring entire populations in real-time are false, although still quite capable of causing panic among Apple users and damaging the brand’s reputation. Furthermore, the company also pointed out that it fixed the vulnerabilities only ten days after Google initially contacted Apple and notified its developers. This was possible thanks to the fact that Apple started working on fixing the security issues even before Google pointed them out, indicating that the company already knew about them, or that it was notified by another party before Google.
It is noteworthy that the malware in question doesn’t only target iPhone users, and that it can be just as damaging to PC users, as well as Android users.
Google issued its own reply after Apple’s post, stating that Project Zero posts technical research which is designed to improve the understanding of various vulnerabilities in modern security systems. Their work is what leads to new and improved defensive strategies. They added that they stand by their research and their report, indicating that they will not change their initial warning, no matter what Apple says.
However, Google also stated that it would continue to work with Apple, as well as with other leading tech companies, in order to keep people safe online.