China’s spying of Uighurs on iPhones was already known, but the MIT Review looks back at the circumstances of this piracy, and the methods used by the Chinese state.
It all started at the end of 2018, during the Tianfu Cup, a Chinese hacking competition intended to replace international events like Pwn2Own, where Chinese hackers were no longer allowed to go to other places in Beijing. The Chinese authorities believe that the loopholes found during these international competitions are lost, since they can no longer be used by its intelligence services.
Chaos, a very dangerous flaw
Anyway, in this competition, Qixun Zhao, a security researcher, won the top prize, of $ 200,000, for discovering a series of loopholes that allowed him to easily take control of it. ‘an iPhone, even updated.
Starting from Safari, the hacker had found a flaw in the heart of the operating system of iOS, in its kernel. It allowed to take control of the smartphone, and spy on it, after its user visited a page containing the malicious code.
This kind of very dangerous loophole can be worth millions on the black market. Faced with its potential impact, Qixun Zhao called his find “Chaos”. Two months later, in January 2019, Apple fixed the problem.
China on the move
But the matter does not end there. Google then revealed that a hacking campaign had taken place against the iPhone of the Muslim minority. It is the American intelligence services which would have warned Apple that Beijing had had time to exploit the loophole to monitor the Uyghurs. With Chaos, the Chinese regime had enough to spy on a large number of people. Journalists, dissidents and all those who were not deemed loyal enough were targeted.
Also to discover in video:
The various investigations carried out, both by Google experts and by the American administration, prove that Chaos was at the base of the mass surveillance of the Uighur minority. Only one uncertainty remains, is Qixun Zhao an accomplice or has his work been used without his knowledge? The Chinese researcher obviously denies being linked to this campaign of massive human rights violations, even if the law obliges Chinese citizens to collaborate with spy agencies when they can …
Source: MIT Review