Malicious websites that hacked into iPhones over 2-year period targeted Uyghur Muslims in China: Report

A number of malicious websites that were recently reported to have been secretly hacking into iPhones over a two-year period were in fact targeting Uyghur Muslims, Zack Whittaker of TechCrunch reports today.

Android and Windows users were also targeted in the same watering hole attacks affecting iPhone users, Thomas Brewster later reported at Forbes.

The entity which would be presumed most likely behind such an attack is the government of China, or an entity working for the government's interests -- so there's been much speculation the attacker is China.

Some questions remain. Exactly what the FBI's role in this remains unknown. And were Android users also targeted by the same campaign?

— Zack Whittaker (@zackwhittaker) September 1, 2019

But no proof in the code found. And some doubt it was China.

Good reporting by Techcrunch here. Not PR for Apple or China, or conspiracy mongering.

Read the TechCrunch article, and check out some of the analysis on Twitter below from infosec folks.

[via Techmeme, images: Shutterstock]

New: @iblametom has confirmed that Android and Windows users were *also* targeted in the same watering hole attacks affecting iPhone users. https://t.co/RV3NCOoRMY

— Zack Whittaker (@zackwhittaker) September 1, 2019

I'm going to be the odd one here and say this isn't right. So far China has had complete control of the Uyghurs using physical means and coercion. Their entire lives are controlled so why go this route when you will get burned (china doesn't like people knowing internal stuff)

— Daniel Cuthbert (@dcuthbert) September 1, 2019

I cannot find anywhere in this article *any* sourcing for the assertion the hack was by China, or to target Uyghur Muslims.

* Did someone on Project Zero *say* that? Not in the article.
* Was there some content in the notice which *says* that?

Where did you get this from?

— Robert Rutledge (@rerutled) September 1, 2019

Uyghur muslims, the poortest ethnic group in China, running around with shinny new iPhones? Plus they are already under heavy surveillance.

The Chinese already make them install spyware by force. See 2017 story: https://t.co/pQZBfY4N4u https://t.co/n7cgVyI0NV

— Matt Suiche (@msuiche) September 2, 2019

Ok, so back to infosec now: @zackwhittaker published a s story claiming those ZOMG iOS 0day chains were being used by the Chinese government to target Uyghur muslims. There are doubters, but his story lines up with what I've heard as well. Just sayin'..https://t.co/4K6mSINYVr

— Patrick Gray (@riskybusiness) September 2, 2019

I wonder if telemetry doesn’t make it out of China. Remember all the cloud hosting there is ran by a Chinese company under license.

— Barry Dorrans (@blowdart) September 1, 2019

This TechCrunch article on new developments related to the iPhone hacks via malicious websites is a well-written piece. Genuine reporting. No sensational boilerplate language about Apple. No hidden agenda. https://t.co/6CPJfv9wFM

— Neil Cybart (@neilcybart) September 1, 2019

New - iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sourceshttps://t.co/VCPVk4UQLp

— Thomas Brewster (@iblametom) September 1, 2019

This TechCrunch article on new developments related to the iPhone hacks via malicious websites is a well-written piece. Genuine reporting. No sensational boilerplate language about Apple. No hidden agenda. https://t.co/6CPJfv9wFM

— Neil Cybart (@neilcybart) September 1, 2019