Apple users are still reeling from the shocking disclosure by Google’s Project Zero team that a number of “hacked websites” have been used to attack iPhones for two years. And every single up-to-date iPhone has been vulnerable. Now, two days later, those same 1 billion users face further damning revelations.
I reported the news on Friday [August 30], and said at the time that the clear implication is that the attack targeted a particular geography or demographic, which, along with the clear sophistication and scale involved, points in the direction of a nation-state-sponsored threat actor.
Now, according to TechCrunch, “sources familiar with the matter have said that the websites were part of a state-backed attack—likely China—designed to target the Uighur community in the country’s Xinjiang state.”
The fact that a nation state is implicated in a mass targeting of Apple’s “locked down” devices against a section of its population, and seemingly escaped notice or censure for two years or more, is a devastating shock to the Apple community. If China can do this, then others can as well. And the solid sense of security has been shattered.
The news was disclosed just as Apple confirmed its September 10 launch date for the upcoming iPhone 11, and the scale of the revelations has put a massive dent in the usual gloss of its annual event. The nature of the hack also shines a light on Apple’s approach to software development, penetration testing and patching. And, to the surprise of many, the Cupertino giant has been found wanting.