Last week we reported that the security team of the Project Zero, Google warned iOS users of a vulnerability in Apple's mobile system that has allowed malicious sites for years to hack into the software and access photos, messages and even the location of iPhone users.
As if the attack's level of invasion were not enough, the situation is made even worse by imagining that it may have been encouraged by a government, as reported by TechCrunch. According to the news, sources familiar with the matter said the sites were part of a Chinese-backed attack on the Uighur community living in Xinjiang (northwestern autonomous territory).
Before understanding how the cyber attack against the Uighurs worked, it is important to note that the relationship between this people and the conflicting Chinese state has been over a decade. This is because, however connected the Xinjiang region is to the Chinese territory, Uighurs see themselves culturally and ethnically more closely linked with Central Asia than with the rest of China.
To complicate matters further, the region has witnessed an intense migration of Han Chinese, and several Uighurs have come to complain of discrimination and that their culture has been suppressed by the Chinese state. This, of course, has created discomfort between the Uighur people and the Chinese institutions, which allege that Uighur militants are waging a violent campaign against the country's government.
Understanding the relationship between the two parties, it can be said that attacks via the mobile platform may be part of the latest efforts by the Chinese government to crack down on the minority Muslim community in the region. Last year, Beijing detained more than 1 million Uighurs in concentration camps, according to a UN human rights committee.
More precisely, China could access through the vulnerability thousands of Uighur information, including the exact location of a person in near real time. THE Forbes confirmed that the same sites used to deploy malicious software on iPhones affected users of Android and Windows, meaning whoever started the attack wanted to actually reach as many people as possible.
One of the sources of TechCrunch He said the sites also infected other people's devices (which are not Uighurs) who inadvertently accessed these domains because they were indexed in Google search, prompting the FBI to warn Google of the problem.
As reported, Apple has fixed the vulnerability in iOS 12.1.4, but still wonders if all other avenues of attack have been fixed.
via the loop