Google stated last month that hackers exploited iPhone devices for at least two years. However, Apple and researchers suggest that Google has lied. | Photo by Josh Edelson / AFP
At the end of last month, Google’s elite security analyst team Project Zero released a report on 14 different iPhone security flaws that were secretly exploited by hackers for at least two years. However, new information released by Apple and cybersecurity researchers suggests that Google lied about some parts of the iPhone breach.
CCN reported in August that the hackers used watering hole attacks against iPhone users and installed monitoring implants to the victims’ devices when they had visited websites infected by the attackers.
According to the Google researchers, the infected websites received thousands of visitors every week while the hackers managed to cover almost every version of Apple’s mobile operating system from iOS 10 to the latest version of iOS 12.
Researchers say hackers were targeting Uyghur Muslims instead of all iPhone users
While Google stated that the hackers attacked iPhone users indiscriminately, RiskIQ Head of Threat Research Yonathan Klijnsma argued that the malicious code on the infected sites used filters, preventing it from running unless certain conditions were met.
Furthermore, a TechCrunch article earlier this month revealed that part of the malicious sites was targeting Uyghur Muslims and suggested that these websites were a part of a state-backed attack by China in an effort to crack down against the minority community.
In fact, cybersecurity firm Volexity published a recent report confirming the same, highlighting a similar hacker campaign but with the difference of targeting Android users instead of iOS users.
Klijnsma told ZDNet that RiskIQ’s Passive Total platform shows that during the attack launched against the Uyghurs on Android – from which he stated that it was in tune with the iPhone attacks – the payload used by the hackers was only triggered 166 times,