Alarming news came out of Silicon Valley late last month, when Google discovered sustained hacking efforts being carried out against iPhone users over a period of several years. In a series of posts (https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html ) from a member of Project Zero, Google’s cybersecurity division, the extent and the targets of the attack are analyzed –the victims were iPhone users with versions of iOS from 10 to 12, the latest. The malware was hidden on a number of websites that infected users’ devices, principally when using the Safari browser.
Apple, however, was quick to retaliate to Google’s report, which it claimed had mischaracterized the event; this was not an instance of a random attack against people unlucky enough to visit the websites which had the malware set up as a booby-trap. In a statement, the company said: “Google’s post, issued six months after iOS patches were released, creates the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time,’ stoking fear among all iPhone users that their devices had been compromised. This was never the case.”
Unlike Google, Apple was fully willing to state who the attack had been intended against. “”The sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community.”
As Google did not mention the victims of the malware, it naturally did not disclose as to who was responsible. Yet there is, of course, only one faction that has sought to monitor and aggressively control the Uighur people, a community of Turkic people scattered across Central and Eastern Asia, the majority of whom are adherents of Sunni Islam. The treatment of the Uighur people at the hands of Xi Jinping’s government has made international headlines, especially due to the forced incarceration of hundreds of thousands of people in the Chinese government’s re-education camps. These facilities, which are highly reminiscent of the concentration camps of Hitler’s Germany or the gulags of the Soviet Union, remain largely closed to the outside world – access to foreign media has been infrequent and highly restricted. International outcry against China’s actions largely stemmed from the inmates being forced to speak Chinese, abandon their religious beliefs, and submit to enough government propaganda to constitute brainwashing.
That the Uighur community had been specifically targeted was verified by Volexity, a Washington-based cybersecurity firm. Volexity found that it was not only iPhone users who had been affected, with a number of Android devices suffering a similar fate. The fact that Android, a Google-affiliated operating system, had been affected was not mentioned in Google’s own report.
Google has some prior form in refusing to explicitly name China as an offensive cyber actor. During the initial Hong Kong protests, a series of pro-government misinformation efforts were unleashed on social media; while Facebook and Twitter executives publicly stated that they were confident that Beijing’s state bodies were responsible, Google guardedly released its own statement in which it said it would simply remove some published material pertaining to the civil unrest.
Yet Apple, although pointing out the fact that Google has not named the Uighur people as the victims of the malware, has also not explicitly named China as the aggressor. And with China serving as such a massive market for both companies, it is unlikely that either will risk pointing the finger at Beijing.