iPhone hack site also attacked Android phones and Windows PCs

The iPhone hacks sites also contain exploits for leaks in Android phones and Windows PCs. That reports Forbes based on anonymous sources. The attacks are said to target a minority group in China.

According to Forbes sources, the site’s administrators switched exploits if the group the hackers wanted to target started using other devices to get online. The hackers are said to be employed by the Chinese government; the group they wanted to target are Uyghurs, Techcrunch reports. Eleven million Uyghurs live in China’s Xinjiang region. This Muslim group has been hunted by the Chinese government for years.

Last week, security researchers at Google revealed the existence of the sites. They made it possible to spy on iPhones as soon as users just visited the site. This required no action from the users themselves. The Google TAG researchers found five unique iPhone exploit chains that penetrated virtually all versions from iOS 10 up to iOS 12. The attackers made use of various vulnerabilities, including a zero-day whose existence was not yet known.

It is still unknown on which sites the code ran. Apple, Google and Microsoft have all not yet publicly responded to information that their operating system was part of the campaign to eavesdrop on devices. Because Forbes relies on anonymous sources, it is unknown which vulnerabilities the Chinese government would have used in the hacks for Android and Windows. In iOS, there were seven vulnerabilities in the iPhone browser, five vulnerabilities in the kernel, and two sandbox escapes. At least one of the vulnerabilities was unknown at the time of discovery, according to the Google researchers. Google notified Apple of this on February 1, and gave a one-week deadline for patching it. That resulted in the arrival of iOS 12.1.4 on February 7 this year.