Exploited exploits: The missing details of the iPhone hack

The iPhone attack that turned out to be more.

macalope
IDG

Today's Best Tech Deals

Picked by Macworld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Another week, another opportunity to take a look at the lifecycle of an Apple catastrophe.

Last week, out of nothing more than sheer altruism, Google researchers dropped a bombshell report: certain websites have been indiscriminately hacking iPhones for two years by exploiting vulnerabilities in the operating system, hijacking passwords and even gaining the ability to read encrypted messages.

Not good. If you were concerned that no one would report on this, well, where have you been for 30 years?

Also, if you’ve been gone for 30 years, don’t… uh, don’t look at the news. Just… uh, just don’t.

If you check the headlines over at the Forbes contributor network, you might be forgiven for thinking that someone needed to walk over there and reboot it because it seemed to be stuck in a loop.

After writing a piece entitled “Apple Just Gave 1.4 Billion iPad, iPhone Users A Reason To Leave” a week earlier about Apple contractors listening to Siri recordings, Gordon Kelly swooped in to tell us “Apple Just Gave 1.4 Billion Users A Reason To Quit Their iPads, iPhones”. (Tip o’ the antlers to @designheretic.)

According to Kelly:

…now an even bigger scandal may leave the company’s 1.4 billion iPhone and iPad users feeling it is rotten to the core.

The Forbes contributor network and Institute for the Study of Knee-Jerk Reflexivity: leave because of the Apple sensationalism, leave again because of the tired Apple puns.

Kelly’s “contribution” to this story is about as good as we’ve come to expect from him, a graduate of the repeatedly but slowly ramming a golf cart into a placidly cud-chewing bull school of Apple sensationalism.

The story was simply too juicy to leave alone by even non-tech publications, prompting The Independent to warn “iPhones have been having ‘monitoring implants’ installed for years, Google researchers warn.” (Tip o’ the antlers to Matteo)

Well… sorta.

There’s some pretty important context that—surprise!—got glossed over in the rush to report this story. First of all, the sites that were conducting this attack were targeted at a political minority in a specific country. As it turned out, the minority was the Uyghur ethnic group in China. So, unless you were trolling the internet for hot Uyghur singles in your area, you probably weren’t going to be caught up in this.

Second, the attack was certainly robust in terms of its capabilities, but it was not persistent. If you rebooted your phone, the “monitoring implant” was inactivated. Moreover, Google reported the flaw to Apple on February 1st and Apple patched it six days later with the release of iOS 12.1.4.

Which may lead you to wonder why this is all coming out now if it was patched back in February. Well, hold that thought.

But, finally, oh, guess what…

iPhone Hackers Caught By Google Also Targeted Android And Microsoft Windows, Say Sources (Link is to Forbes’ staff cybersecurity reporter, not to anyone in the so-called “contributor network”.)

Multiple sources with knowledge of the situation said that Google’s own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China.

Google hadn’t provided comment at the time of publication. It’s unclear if Google knew or disclosed that the sites were also targeting other operating systems.

Oh. So Android and Windows were also attacked? Which, duh, like Uyghurs are a notoriously iPhone-loving ethnic minority or something.

Chinese intelligence agent #1: “It is certainly convenient that the Uyghurs as a group only buy iPhones, a phone that has a notoriously smaller market share than Android, is it not?”

Chinese intelligence agent #2: “Yes! Indeed it is! It has made our hacking so much simpler! So… lunch?”

Weird that the little detail that it wasn’t just iPhones didn’t come out when the report was initially released. Here’s another weird coincidence for ya: Google released the “IPHONE HACKED” report the same day that Apple announced the iPhone 11 event. Very strange. Certainly nothing going on there. Why would suggest such a thing? Your pro-Apple biases are clearly showing, Mildred. Please. Please. We like to keep things above board here when we jump on anti-Apple news delivered as part of a competitor’s marketing scheme like a pack of hyenas tearing apart an ibex carcass.

One wonders about the details of the exploits against Android and Windows. Were they as devastating? Have they been patched? Who knows?! What’s important is iPhones were affected. That’s all you need to know.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
  
Shop Tech Products at Amazon