Apple iPhone flaw allowed China to target Uighur Muslims

Stefan Mileschin · 8th May 2021, 14:23

Competition winner

An attack that targeted Apple devices was used to spy on China's Muslim minority -- and US officials claim it was developed for the country's top hacking competition.

The Tianfu Cup offered prizes that added up to over a million dollars. The competition was held in November 2018, shortly after the Chinese banned cybersecurity researchers from attending overseas hacking competitions.

The $200,000 top prize went to Qihoo 360 researcher Qixun Zhao, who showed off a remarkable chain of exploits that allowed him to easily and reliably take control of even the newest and most up-to-date iPhones.

This was mostly thanks to a weakness in the iPhone kernel which meant that a remote attacker could take over any iPhone that visited a web page containing Qixun's malicious code.

Two months later, in January 2019, which was super quick for Jobs' Mob, Apple issued an update that fixed the flaw. There was little fanfare—just a quick note of thanks to those who discovered it. But in August of that year, Google published an extraordinary analysis into a hacking campaign it said was "exploiting iPhones en masse".

Researchers dissected five distinct exploit chains they had spotted "in the wild". These included the exploit that won Qixun the top prize at Tianfu, which they said had also been discovered by an unnamed "attacker".

The Google researchers pointed out similarities between the attacks they caught being used in the real world and Chaos. The victims and the attackers were Uighur Muslims and the Chinese government.

Apple published a rare blog post that confirmed the attack had taken place over two months: that is, the period beginning immediately after Qixun won the Tianfu Cup and stretching until Apple issued the fix.

It turns out that United States government surveillance independently spotted the Chaos exploit being used against Uyghurs, and informed Apple which had decided to rush out a patch.

The Americans concluded that the Chinese essentially followed the "strategic value" plan laid out by Qihoo's Zhou Hongyi; that the Tianfu Cup had generated an important hack and that the exploit had been quickly handed over to Chinese intelligence, which then used it to spy on Uighurs.
https://fudzilla.com/news/mobile/528...uyghur-muslims

8th May 2021, 14:23	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 153,575	Apple iPhone flaw allowed China to target Uighur Muslims Competition winner An attack that targeted Apple devices was used to spy on China's Muslim minority -- and US officials claim it was developed for the country's top hacking competition. The Tianfu Cup offered prizes that added up to over a million dollars. The competition was held in November 2018, shortly after the Chinese banned cybersecurity researchers from attending overseas hacking competitions. The $200,000 top prize went to Qihoo 360 researcher Qixun Zhao, who showed off a remarkable chain of exploits that allowed him to easily and reliably take control of even the newest and most up-to-date iPhones. This was mostly thanks to a weakness in the iPhone kernel which meant that a remote attacker could take over any iPhone that visited a web page containing Qixun's malicious code. Two months later, in January 2019, which was super quick for Jobs' Mob, Apple issued an update that fixed the flaw. There was little fanfare—just a quick note of thanks to those who discovered it. But in August of that year, Google published an extraordinary analysis into a hacking campaign it said was "exploiting iPhones en masse". Researchers dissected five distinct exploit chains they had spotted "in the wild". These included the exploit that won Qixun the top prize at Tianfu, which they said had also been discovered by an unnamed "attacker". The Google researchers pointed out similarities between the attacks they caught being used in the real world and Chaos. The victims and the attackers were Uighur Muslims and the Chinese government. Apple published a rare blog post that confirmed the attack had taken place over two months: that is, the period beginning immediately after Qixun won the Tianfu Cup and stretching until Apple issued the fix. It turns out that United States government surveillance independently spotted the Chaos exploit being used against Uyghurs, and informed Apple which had decided to rush out a patch. The Americans concluded that the Chinese essentially followed the "strategic value" plan laid out by Qihoo's Zhou Hongyi; that the Tianfu Cup had generated an important hack and that the exploit had been quickly handed over to Chinese intelligence, which then used it to spy on Uighurs. https://fudzilla.com/news/mobile/528...uyghur-muslims

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Sites stealing iPhone data reportedly targeted Uyghur Muslims	Stefan Mileschin	WebNews	0	2nd September 2019 15:05
Facebook allowed advertisers to target users interested in Nazism	Stefan Mileschin	WebNews	0	22nd February 2019 08:50
Facebook allowed advertisers to target anti-Semites	Stefan Mileschin	WebNews	0	16th September 2017 09:10
Apple’s iPhone is no longer the best-selling smartphone in China	Stefan Mileschin	WebNews	0	31st January 2017 06:19
Apple loses iPhone exclusivity in China	Stefan Mileschin	WebNews	0	5th May 2016 20:13
Apple rolls out iOS 7.0.5 to iPhone 5s and 5c in China, promises network fixes	Stefan Mileschin	WebNews	0	30th January 2014 09:58
iPhone 5S and iPhone 5C doubled Apple’s market share in China	Stefan Mileschin	WebNews	0	13th December 2013 09:50
iPhone 5C might make Apple top smartphone vendor in China	Stefan Mileschin	WebNews	0	21st August 2013 08:26
Apple experiences a slump in China: iPhone out of China's Top 5	Stefan Mileschin	WebNews	0	12th November 2012 08:55
Apple iPhone Sales Fall in China	Stefan Mileschin	WebNews	0	30th July 2012 10:16