Sources: a number of recently disclosed malicious websites used to hack into iPhones over a two-year period were designed to target Uyghur Muslims in China
A number of malicious websites used to hack into iPhones over a two-year period were targeting Uyghur Muslims, TechCrunch has learned.
TechCrunch Zack Whittaker
Related Coverage
- Report: China used iPhone website exploit attacks to target Uyghur Muslims 9to5Mac · Chance Miller
- iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources Forbes · Thomas Brewster
- An Unprecedented iPhone Hack, a Wi-Fi Leg Implant, and More News Wired · Alex Baker-Whitcomb
- How to Protect Yourself Against a Newly Revealed iPhone Hack Fortune · Lisa Marie Segarra
- Google unearths 2-year-long iPhone spyware attack Financial Times · Tim Bradshaw
- Malicious Websites Have Been Hacking iPhones The Mac Observer · Andrew Orr
- Massive iPhone Hack Uncovered by Google: What You Need to Know Tom's Guide · Richard Priday
- For two years, a handful of websites hacked thousands of iPhones that visited them, getting access to live location data, photos, contacts, and even passwords Wired
- Armed with iOS 0days, hackers indiscriminately infected iPhones for two years Ars Technica · Dan Goodin
- Apple still has work to do on privacy TechCrunch · Natasha Lomas
- iOS Vulnerability Allowed Websites To Extract User Data, Used By China To Target Uyghur Muslims iOS Hacker · Zaib Ali
- Google reveals major iPhone security flaws that let websites hack phones The Verge · Jon Porter
- Google finds ‘indiscriminate iPhone attack lasting years’ BBC · Dave Lee
- Why the latest iPhone hack should worry you no matter what phone you use Android Central · Jerry Hildenbrand
- Google says hackers have put ‘monitoring implants’ in iPhones for years The Guardian · Alex Hern
- Apple's Planned iPhone Unveiling Overshadows Other Big News Fortune · Don Reisinger
- Until Recently, Websites Were Hacking iPhones Newser · Neal Colgrass
- Websites infected iPhones with spyware Associated Press
- Google Discovered Malicious Websites Used to Hack iPhones for Years ExtremeTech · Ryan Whitwam
- Malicious websites were used to secretly hack into iPhones for years, says Google TechCrunch · Zack Whittaker
- Google security team reveals years-long spyware attack on iPhone users Rude Baguette
- This Has Been the Worst Year for iPhone Security Yet VICE
- Implant Teardown — In the earlier posts we examined … Project Zero
- In-the-wild iOS Exploit Chain 1 Project Zero · Ian Beer
- Websites have been quietly hacking iPhones for years, says Google MIT Technology Review · Patrick Howell O'Neill
- Google researchers uncover 2-year iPhone hack tied to malicious websites Washington Post · Taylor Telford
- Google Hackers Reveal Websites Hacked Thousands of iPhone Users Silently for Years Gizmodo · Dell Cameron
- Mass iPhone Hack Is Huge Wake-Up Call for Apple Tom's Guide · Paul Wagenseil
- WhatsApp Security Destroyed By Just Visiting A Website—Why The Latest iPhone Hack Is Terrifying Forbes · Thomas Brewster
- Google uncovers multiple malicious sites that hacked iPhones for years TechnoBuffalo · Babu Mohan
- Google Researchers Find Massive Security Flaw in iPhones Tech.co · Conor Cawley
- Apple is Bad at Software, says Google Security Boulevard · Richi Jennings
- iPhone hack attack: Google says hackers placed ‘monitoring implants’ in iPhones Fox News · James Rogers
- Google security crew sheds light on long-running super-stealthy iOS spyware operation The Register · Shaun Nichols
- Google Warns iPhone Users of Data-Stealing Malware Attacks BleepingComputer · Sergiu Gatlan
- Google highlights iPhone security flaw Financial Times · Chris Nuttall
- Google Security Researchers Uncover ‘Sustained’ Hack on Apple iOS Devices iPhone in Canada Blog · Christopher Baugh
- Google discovers major iPhone security flaw that affected thousands CNBC · Todd Haselton
- Google hackers found malicious websites hacking iPhones HackRead · Sudais
- Unprecedented new iPhone malware discovered Malwarebytes Labs · Thomas Reed
- State-Sponsored Hackers Infected iPhones With Spyware; ‘Most Serious’ Breach Of Its Kind CBS San Francisco
- Massive iPhone Hack Compromised Thousands of Phones Variety · Janko Roettgers
- Google: Malicious sites hacked iPhones for years through unknown exploits SiliconANGLE · Maria Deutscher
- Hackers indiscriminately installed ‘monitoring implants’ in iPhones, Google says FierceWireless · Bevin Fletcher
- Google Uncovers Massive iPhone Attack Campaign Dark Reading · Kelly Sheridan
- Google's Project Zero Team Finds an iOS Exploit Allowing Hackers to tap into conversations through iMessage & more Patently Apple · Jack Purcher
- Google's Elite Hacking Team Reveals Untimely Bug in iPhone Bloomberg · Allison Ingersoll
- Thousands of iPhones attacked just by visiting hacked websites The Daily Dot · Brenden Gallagher
- iPhone Zero-Days Anchored Watering-Hole Attacks Threatpost · Tara Seals
- Google says a bunch of malicious websites have been secretly hacking iPhones for years KnowTechie · Joe Rice-Jones
- Malicious websites have been quietly hacking iPhones for the past couple of years Firstpost Tech
- What You Need to Know About the iPhone Malware News Slate · Josephine Wolff
- Report: Websites hacked iPhones for years Axios · Joe Uchill
- Google says iPhones were vulnerable to hacks from websites for years Pocketnow · Anton D. Nagy
- iOS Vulnerabilities Allowed Attackers to Remotely Hack iPhones for Years SecurityWeek · Ionut Arghire
- Latest iOS Hack is a Game Changer The Mac Observer · Charlotte Henry
- iPhone exploit active “at least two years” detailed by Google SlashGear · Chris Davies
- Google uncovers evidence of large iPhone hacking attempt The Hill · Maggie Miller
- Google says hacked websites were attacking iPhones for years TechSpot · Rob Thubron
- Google lays out iOS malware exploits found in the wild, but already patched by Apple back in February The Loop · Dave Mark
- How to protect yourself against the latest big iPhone security scare (Updated) Apple Must · Jonny Evans
- Google says iPhone security holes went unnoticed for 2 years Cult of Mac · David Pierini
- Hackers used malicious websites to hack iPhones: Passwords, photos, chats, live location exposed International Business Times · Sami Khan
- Hacking Attack Could Have Compromised Hundreds Of Thousands Of iPhones PYMNTS.com
- Google's Project Zero details ‘indiscriminate’ hacking campaign against thousands of iPhones CyberScoop · Jeff Stone
- Update your iPhone's operating system as soon as possible Quartz · Mike Murphy
- Google discovered ‘sustained attacks’ over at least two years against iPhone users Neowin · Jay Bonggolto
- Google has discovered malicious websites targeting iPhone users Gizchina · Abdullah
- Google finds evidence of attempted mass iPhone hack WTKR-TV · Nick Boykin
- Google's Project Zero team uncovers ‘sustained’ hack on Apple iOS devices Inquirer · Chris Merriman
- MAGA: Making Android Great Again? Beyond Search · Stephen E. Arnold
- Google discovered websites that could hack your iPhone just by visiting them Fast Company · Michael Grothaus
- Google exposes massive iPhone hacking operation Telecoms.com · Scott Bicheno
- Google researchers found mass iPhone hack attempt Seeking Alpha · Brandy Betz
- Google researchers found a bunch of malicious sites that quietly hacked iPhones for years Business Insider · Isobel Asher Hamilton
- Google researchers found an iOS security hole was left open for years Pocket-lint · Dan Grabham
- Google says iPhone security flaws let websites hack away for years CNET · Alfred Ng
- Google says hackers have been able to access your iPhone data for years Digital Trends · Mark Jansen
- Google security researcher warns that hackers are using malicious websites to exploit iOS flaws and monitor iPhone users BetaNews · Mark Wyciślik-Wilson
- Google uncovers exploit-laden websites that stole data from iPhones Engadget · Mariella Moon
- Google finds malicious sites pushing iOS exploits for years ZDNet · Catalin Cimpanu
- Google Finds Massive iPhone Vulnerability that Was Exploited for Years Softpedia News · Silviu Stahie
- Thousands of Fully Patched iPhones Exploited for Years, says Google - Who Is the Sophisticated Mystery Attacker? Computer Business Review · Ed Targett
- Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years The Hacker News · Swati Khandelwal
- Google researchers reveal data-stealing, web-based iPhone exploit that was active for years The Next Web · Ravie Lakshmanan
- Google's Project Zero Team Details Malicious Websites That Hacked iPhones for Years iPhone Hacks · Rajesh Pandey
Discussion
-
@neilcybart
Neil Cybart
on x
This TechCrunch article on new developments related to the iPhone hacks via malicious websites is a well-written piece. Genuine reporting. No sensational boilerplate language about Apple. No hidden agenda. https://techcrunch.com/...
-
@thegrugq
Thaddeus E. Grugq
on x
shocked. shocked. who ever could have guessed? 😑🙄 https://twitter.com/...
-
@blowdart
Barry Dorrans
on x
I wonder if telemetry doesn't make it out of China. Remember all the cloud hosting there is ran by a Chinese company under license.
-
@zackwhittaker
Zack Whittaker
on x
Exclusive: Malicious websites used to quietly hack into iPhones over the past two years was an effort by China to target Uyghur Muslims. https://techcrunch.com/...
-
@malwaretechblog
@malwaretechblog
on x
Update: rumor is it was China targeting Uighur Muslims. An authoritarian government targeting dissidents was the most likely explanation, though my first guess would have been a gulf state. https://techcrunch.com/...
-
@perito_inf
@perito_inf
on x
Implant Teardown The implant has access to all the database files (on the victim's phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage. https://googleprojectzero.blogspot.com/ ...
-
@ggreeneva
Greg Greene
on x
This scoop — that the massive hack exploiting multiple zero-day iOS vulnerabilities was likely a state-sponsored Chinese surveillance program — is utterly believable. https://twitter.com/...
-
@stevebellovin
Steven Bellovin
on x
Per https://arstechnica.com/..., the attackers were interested in activity on Tencent. To me, that strongly suggests Chinese internal security agencies are behind the malware. Also, the sites had “thousands of visitors per week”. These days, that's not very many. 1/2
-
@cramforce
Malte Ubl
on x
If Apple allowed browser engine diversity on iOS, then fewer than 100% of iOS users would have been vulnerable over this 2 year period https://www.washingtonpost.com/ ...
-
@ericgeller
Eric Geller
on x
You were very likely not hacked by this. The infected websites received very little traffic, Google said. The news is mostly significant because of how rare iOS zero-days are and because this campaign was indiscriminate, not targeted, raising questions about who did it and why.
-
@alexstamos
Alex Stamos
on x
Many things to learn from this incident, but one is the safety cost of anti-competitive iOS App Store policies. Chrome/Brave/Firefox are required to use the default WebKit/JS. If Apple isn't going to put in the work necessary to protect users then they should let others do so. ht…
-
@lukolejnik
Lukasz Olejnik
on x
The implant was used to steal location data and files like databases of WhatsApp, Telegram, iMessage. So all the user messages, or emails. Copies of contacts, photos, https://googleprojectzero.blogspot.com/ ... https://twitter.com/...
-
@alexstamos
Alex Stamos
on x
It's darkly ironic that Apple is the company that is demonstrating the end point of late-90's fears about Microsoft. ✅Rent seeking via platform control. ✅Content moderation on behalf of autocracies ✅Risk of software monoculture[1] [1] http://blough.ece.gatech.edu/ ...
-
@mikeisaac
Rat King
on x
can someone tell me the rationale of google disclosing all this info but not identifying the sites? is it in fear of drawing people to them? https://www.wired.com/...
-
@malwarejake
Jake Williams
on x
This, plus a hardcoded HTTP IP address is amateur hour. Contrast that with multiple exploit chains and sandbox escapes and it sure sounds like a group with tons of money to buy exploits and little operational experience. So many thoughts right now... https://googleprojectzero.blo…
-
@stshank
Stephen Shankland
on x
A dig from a Googler about Apple's ostensibly security-minded (in part) reason for allowing only its own browser engine on iOS & iPadOS. (Chrome, Firefox, etc. are available on iOS, but unlike on MacOS, Windows, Android, are required to use Apple's WebKit browser engine.) https:/…
-
@rmogull
Rich Mogull
on x
I'm trying to decide if learning of indiscriminate iOS zero day attacks in the wild is just incredibly concerning, or the biggest iOS security news since the launch of the platform: https://googleprojectzero.blogspot.com/ ...
-
@martijn_grooten
Martijn Grooten
on x
There's a lot to say about the iPhone watering hole attacks, but if you work with vulnerable groups in China this, and the fact that P0 talked about “entire populations”, means should you take extra notice of what happened https://googleprojectzero.blogspot.com/ ... https://googl…
-
@alexstamos
Alex Stamos
on x
Remember how everybody lost their mind over Microsoft Palladium? At the time, “huge corporation will use hardware-rooted DRM to censor content choices by end users” seemed the worst-case scenario. That is literally the impact of Apple's DRM in China. https://epic.org/... https://…
-
@reneritchie
Rene Ritchie
on x
Terrific drill-down on a web-based iOS exploit chain. But, I can't find any info on what kind of sites were being used? If they were a tiny cluster in a remote region vs. major multinational, it's a very different threat level. https://googleprojectzero.blogspot.com/ ...
-
@alexhern
Alex Hern
on x
As this has filtered from the security community to the mainstream, something's been lost in translation, so I want to be explicit: this is not an aggressive move by Google, and it's not part of the wider conflict between the two companies. https://www.theguardian.com/ ...
-
@ericgeller
Eric Geller
on x
HUGE mobile security news: Google found malicious websites indiscriminately hacking iPhones using at least 5 separate exploit chains w/ *14* individual 0days. https://googleprojectzero.blogspot.com/ ... This is like finding a live colossal squid at the beach. Just *one* iOS 0day …
-
@zittrain
Jonathan Zittrain
on x
Apple iOS has been considered the most secure smartphone OS. Disconcerting that flaws could be strung together not only to own the phone, but to do it in bulk for all users visiting a compromised/ing web site. https://twitter.com/... https://twitter.com/...
-
@kennethgeers
Kenneth Geers
on x
Strategic iOS Attack —> “rare and intricate chains of code exploited a total of 14 security flaws” https://www.wired.com/...
-
@cynicalsecurity
Arrigo Triulzi
on x
All I am going to say about the iOS exploit chains write up by Project Zero is: “Bloody Hell!”. In the most profound British understatement tone I can muster. https://googleprojectzero.blogspot.com/ ...
-
@savicali
Savic Ali
on x
Privacy is an illusion in digital world. https://twitter.com/...
-
@craiu
Costin Raiu
on x
So, people with access to big chunks of network traffic should probably scout for HTTP POSTs to “/list/suc?name=”. https://googleprojectzero.blogspot.com/ ...
-
@malwaretechblog
@malwaretechblog
on x
This is wild. A group were using hacked websites to indiscriminately exploit iPhones using zero days exploits, and somehow went unnoticed for years. https://googleprojectzero.blogspot.com/ ...
-
@jason_koebler
Jason Koebler
on x
this is crazy crazy crazy crazy crazy. Upends everything I thought I knew about iPhone security. https://www.vice.com/...
-
@_danielsinclair
Daniel Sinclair
on x
Wow. This Project Zero discovery is insane. Some unnamed entity (obviously a government) had 7 Safari 0-days that have been quietly compromising iPhones for years — all the way back to iOS 10. Anyone who visited these unnamed sites were sunk. https://googleprojectzero.blogspot.co…
-
@alexstamos
Alex Stamos
on x
This is a huge find by Google's team. Attribution for these sites is going to be critical to understanding what impact they might have had. https://twitter.com/...
-
@da_667
@da_667
on x
the iOS 0-day/implant that google TAG found just really goes to show you why there is such a big market for iOS 0-days. With the right exposure, its intelligence goldmine that reaps massive dividends.
-
@motherboard
@motherboard
on x
Thousands of iPhones per week have been indiscriminately hacked for YEARS and no one knew: https://www.vice.com/...
-
@howelloneill
Patrick Howell O'Neill
on x
Google's Threat Analysis Group found hacked sites being used in watering hole attacks using five distinct iPhone 0-day exploit chains. The websites had thousands of visitors per week. Project Zero's analysis starts here: https://googleprojectzero.blogspot.com/ ...