What just happened? Last week’s news that a collection of hacked websites were used to infect thousands of iPhones with malicious software has taken another turn. According to new reports, operating systems from both Google and Microsoft were also targeted in what could have been a state-sponsored effort to spy on the Uighur ethnic group in China.
Earlier this year, Google’s Project Zero threat analysis group discovered 12 separate security flaws, seven of which involved the iPhone’s built-in Safari web browser. The five different exploit chains gave attackers root access to a handset, allowing them to steal a huge amount of personal data. After informing Apple of the vulnerabilities on February 1, the iPhone maker fixed the issues with a patch six days later for iOS 12.1.4 for iPhone 5s and iPad Air and later.
While it had been thought the websites only targeted Apple products, Forbes’ sources say devices using Google and Microsoft operating systems could also be infected with monitoring implants when visiting the sites.
Google never said who might be behind the attack, though it did mention that “certain communities” were targeted. According to TechCrunch's sources in China, the websites were part of a state-backed attempt to spy on the Uyghur community in the country's Xinjiang state.
China has been cracking down on the ethnic group in recent times. According to the United Nations, the government forced 2 million Uighurs and Muslim minorities into “political camps for indoctrination” last year.
“The Chinese government has been systematically targeting the Uighur population for surveillance and imprisonment for years. These attacks likely have the goal of spying on the Uighur population in China, the Uyghur diaspora outside of China and people who sympathize with and might wish to help the Uighur in their struggle for independence,” Cooper Quintin, senior staff technologist at the digital rights non-profit group Electronic Frontier Foundation, told Forbes: