[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]
|
Status: Not Logged In; Sign In
International News Title: How China turned a prize-winning iPhone hack against the Uyghurs (WOW THIS IS SERIOUS STUFF!!!) (Are our I-phones spying on us?) An attack that targeted Apple devices was used to spy on China’s Muslim minority—and US officials claim it was developed at the country’s top hacking competition. by Patrick Howell O'Neillarchive page May 6, 2021 MS TECH | GETTY Beijing secretly used an award-winning iPhone hack to spy on Uyghurs The United States tracked the attack and informed Apple Tianfu Cup is a “venue for China to get zero-days,” say experts In March 2017, a group of hackers from China arrived in Vancouver with one goal: Find hidden weak spots inside the world’s most popular technologies. Google’s Chrome browser, Microsoft’s Windows operating system, and Apple’s iPhones were all in the crosshairs. But no one was breaking the law. These were just some of the people taking part in Pwn2Own, one of the world’s most prestigious hacking competitions. It was the 10th anniversary for Pwn2Own, a contest that draws elite hackers from around the globe with the lure of big cash prizes if they manage to exploit previously undiscovered software vulnerabilities, known as “zero-days.” Once a flaw is found, the details are handed over to the companies involved, giving them time to fix it. The hacker, meanwhile, walks away with a financial reward and eternal bragging rights. For years, Chinese hackers were the most dominant forces at events like Pwn2Own, earning millions of dollars in prizes and establishing themselves among the elite. But in 2017, that all stopped. One of China’s elite hacked an iPhone…. Virtually overnight, Chinese intelligence used it as a weapon against a besieged minority ethnic group, striking before Apple could fix the problem. It was a brazen act performed in broad daylight. In an unexpected statement, the billionaire founder and CEO of the Chinese cybersecurity giant Qihoo 360—one of the most important technology firms in China—publicly criticized Chinese citizens who went overseas to take part in hacking competitions. In an interview with the Chinese news site Sina, Zhou Hongyi said that performing well in such events represented merely an “imaginary” success. Zhou warned that once Chinese hackers show off vulnerabilities at overseas competitions, they can “no longer be used.” Instead, he argued, the hackers and their knowledge should “stay in China” so that they could recognize the true importance and “strategic value” of the software vulnerabilities. Beijing agreed. Soon, the Chinese government banned cybersecurity researchers from attending overseas hacking competitions. Just months later, a new competition popped up inside China to take the place of the international contests. The Tianfu Cup, as it was called, offered prizes that added up to over a million dollars. The inaugural event was held in November 2018. The $200,000 top prize went to Qihoo 360 researcher Qixun Zhao, who showed off a remarkable chain of exploits that allowed him to easily and reliably take control of even the newest and most up-to-date iPhones. From a starting point within the Safari web browser, he found a weakness in the core of the iPhones operating system, its kernel. The result? A remote attacker could take over any iPhone that visited a web page containing Qixun’s malicious code. It’s the kind of hack that can potentially be sold for millions of dollars on the open market to give criminals or governments the ability to spy on large numbers of people. Qixun named it “Chaos.” Two months later, in January 2019, Apple issued an update that fixed the flaw. There was little fanfare—just a quick note of thanks to those who discovered it. But in August of that year, Google published an extraordinary analysis into a hacking campaign it said was “exploiting iPhones en masse.” Researchers dissected five distinct exploit chains they’d spotted “in the wild.” These included the exploit that won Qixun the top prize at Tianfu, which they said had also been discovered by an unnamed “attacker.” The Google researchers pointed out similarities between the attacks they caught being used in the real world and Chaos. What their deep dive omitted, however, were the identities of the victims and the attackers: Uyghur Muslims and the Chinese government. Post Comment Private Reply Ignore Thread |
|
[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]
|