Apple implies iPhones were hacked to spy on China’s Uyghur Muslims

Seeing through the news.
Seeing through the news.
Image: Quartz/Mike Murphy
We may earn a commission from links on this page.

Apple hit back today at claims from Google researchers that iPhone owners were indiscriminately vulnerable to being hacked.

Security researchers at Google revealed on Aug. 29 that iOS, the operating system that Apple’s iPhones, iPads, and iPods run on, were susceptible to a security flaw that could theoretically allow hackers to “steal private data like iMessages, photos and GPS location in real-time” off of devices, just by visiting infected websites.

Apple’s response, posted on its site, indicates that the vulnerability, as Google described, was found on only about a dozen websites (which, if you keep your iOS up-to-date, you will be protected from) that “focus on content related to the Uyghur community.”

Google chose not to name the websites that had been affected, and Apple’s acknowledgement of the affected sites seems to suggest that this action, as experts expected, was likely the result of a nation-state looking to spy on a specific populace.

The Chinese government, which generally restricts and monitors internet traffic in the Middle Kingdom, has reportedly been hacking telecoms networks, and smartphones, to track the whereabouts of Uyghur Muslims in India, Kazakhstan, Malaysia, Turkey, and Thailand. The countries are often used by Uyghurs as stopovers on the way to the Xinjiang region of China. According to human-rights researchers, Chinese authorities are holding upwards of 1 million Uyghur Muslims in the region in supposed “re-education” camps.

Information on what’s happening in the camps is sparse, but reports of prison-like conditions, forced pledges to the Chinese Communist Party, and renunciation of Islam have emerged.

Google didn’t comment on whether its research showed if Android software, produced by the company, would have also been vulnerable visiting those same websites. But it did state the following:

“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies. We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.”

Apple wasn’t immediately available to comment on why it chose to name the affected community.

This story has been updated with Google’s response.