Massive iPhone Hack Targeted 1 Billion Users And The Culprit Is A Nation State Actor
While Apple was quick to fix the vulnerabilities when it was alerted about them, we didn't learn last week who had actually carried out the attacks using these previously unknown vectors. Now, thanks to reporting from TechCrunch, we have a good idea of who was behind the scheme and who the targets were. According to the report, the attacks were state-sponsored, with the likely perpetrator being China.
The target of the attacks was the primarily Muslim Uyghur community residing in China's Xinjiang territory (autonomous region). Muslims are a minority in China, and the government has been accused of spying on the community and even placing people in internment camps. The Chinese government's efforts to infiltrate the Uyghur community were aided by the iOS vulnerabilities with devastating effects.
With "thousands of visitors" accessing malicious website, not only was their private data captured, but their location data was also made visible, allowing them to be tracked on command by the Chinese government. While the Uyghur community was the primary target, anyone that visited the malicious websites put their personal data and location details at risk.
If you have an iPhone in your possession, the chances are that you are already protected against the iOS and Safari exploits. After Apple was notified in early February 2019 of the vulnerabilities, they were fixed with iOS 12.1.4 on February 7th.
The most currently public release of Apple's mobile operating system is 12.4.1. Apple's next generation iOS 13 will be released to the public later this month following the launch of this year's family of iPhones.
