Apple and its users were in disbelief when news of a sustained hack on iPhones broke last week. According to Forbes, the incident revealed by Google’s Project Zero had been going on for two years.
The report says that the attack used “hacked websites” to target iPhones. Users only had to click on a redirect link to have their devices infected. The report says that the hack affected around 1 billion Chinese users.
Hackers updated the malware as Apple sent updates to its devices. This allowed the campaign to infiltrate even up-to-date OSes.
The hackers extracted data from the devices, including contact information, media files, GPS location and chat logs. The malware reportedly stole data from Instagram, Telegram, WhatsApp, Gmail and Hangouts.
Forbes cybersecurity reporter Zak Doffman says that the attack was aimed at a specific geographic area or a particular demographic. It also used sophisticated techniques and equipment to sustain such a large-scale, long-term assault. Doffman notes that this “points in the direction of a nation state-sponsored threat actor.”
Citing TechCrunch’s report, Doffman added that sources report that the websites were “part of a state-backed attack.” The state in question is likely to be China. The source also said that the cyberattack is “designed to target the Uyghur community” located in Xinjiang state in China.
According to TechCrunch, the campaign may be part of the Chinese government’s crackdown on its Muslim minority.
Doffman also notes that the attack seemed to escape detection for a minimum of two years or even longer. This also calls into question the security of the devices.
Known as “locked down” devices, iPhones have developed the reputation of being overly secured and protected. However, reports this year have been putting the spotlight on the supposedly “locked down” phones.
Other devices attacked
The initial revelation by Google’s Project Zero team says that the attack targeted iPhone users in the Xinjiang state. However, a report by TechRadar revealed that other smart devices on the Android and Windows platforms were also assaulted.
With more platforms within the coverage of the campaign, it seems that the attack is much larger than previously thought.
Meanwhile, Apple addressed the issue in February, once Google had privately informed the tech giant about the vulnerability. For its part, Microsoft says that it has not received any notice from Google. However, Microsoft said that it will investigate the matter and act accordingly.