Skip to main content

Sources say China used iPhone hacks to target Uyghur Muslims

A number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims, TechCrunch has learned.

Sources familiar with the matter said the websites were part of a state-backed attack — likely China — designed to target the Uyghur community in the country’s Xinjiang state.

It’s part of the latest effort by the Chinese government to crack down on the minority Muslim community in recent history. In the past year, Beijing has detained more than a million Uyghurs in internment camps, according to a United Nations human rights committee.

Google security researchers found and recently disclosed the malicious websites this week, but until now it wasn’t known who they were targeting.

The websites were part of a campaign to target the religious group by infecting an iPhone with malicious code simply by visiting a booby-trapped web page. In gaining unfettered access to the iPhone’s software, an attacker could read a victim’s messages, passwords, and track their location in near-real time.

Apple fixed the vulnerabilities in February in iOS 12.1.4, days after Google privately disclosed the flaws. News of the hacking campaign was first disclosed by this week.

These websites had “thousands of visitors” per week for at least two years, Google said.

Victims were tricked into opening a link, which when opened would load one of the malicious websites used to infect the victim. It’s a common tactic to target phone owners with spyware.

One of the sources told TechCrunch the websites inadvertently infected iPhone users not intended to be targeted, prompting the FBI to alert Google to ask for the site to be removed from its index to prevent infections, they added.

A Google spokesperson would not comment beyond the published research. A FBI spokesperson said they could neither confirm nor deny any investigation, and did not comment further.

Google faced some criticism following its bombshell report for not releasing the websites used in the attacks. The researchers said the attacks were “indiscriminate watering hole attacks” with “no target discrimination,” noting that anyone visiting the site would have their iPhone hacked.

But the company would not say who was behind the attacks.

Apple did not comment. An email requesting comment to the Chinese consulate in New York was unreturned.



from Apple – TechCrunch https://ift.tt/2ZH5pPx

Comments

Popular posts from this blog

Thousands of cryptocurrency projects are already dead

Two sites that are actively cataloging failed crypto projects, Coinopsy and DeadCoins , have found that over a 1,000 projects have failed so far in 2018. The projects range from true abandonware to outright scams and include BRIG , a scam by two “brothers,” Jack and Jay Brig, and Titanium , a project that ended in an SEC investigation. Obviously any new set of institutions must create their own sets of rules and that is exactly what is happening in the blockchain world. But when faced with the potential for massive token fundraising, bigger problems arise. While everyone expects startups to fail, the sheer amount of cash flooding these projects is a big problem. When a startup has too much fuel too quickly the resulting conflagration ends up consuming both the company and the founders and there is little help for the investors. These conflagrations happen everywhere are a global phenomenon. Scam and dead ICOs raised $1 billion in 2017 with 297 questionable startups in the mix. The

Dance launches its e-bike subscription service in Berlin

German startup Dance is launching its subscription service in its hometown Berlin. For a flat monthly fee of €79 (around $93 at today’s exchange rate), users will get a custom-designed electric bike as well as access to an on-demand repair and maintenance service. Founded by the former founders of SoundCloud and Jimdo , the company managed to raise some significant funding before launching its service. BlueYard led the startup’s seed round while HV Capital (formerly known as HV Holtzbrinck Ventures) led Dance’s €15 million Series A round, which represented $17.7 million at the time. E-bike subscription service Dance closes $17.7M Series A, led by HV Holtzbrinck Ventures The reason why Dance needed so much capital is that the company has designed its own e-bike internally. Called the Dance One, it features an aluminum frame and weighs around 22kg (48.5lb). It has a single speed and it relies on its electric motor to help you go from 0 to 25kmph. And the best part is that you