Report: China Turned Prize-Winning iPhone Hack into a Surveillance Tool Against Uyghur Muslims

Scores of White Hat hackers participate in Problems Compensation Programs and win huge rewards. Typically the exploits are handed over to the concerned visitor and published only afterwards it is stock-still. A new study highlights how the Chinese authorities used a prize-winning iPhone hack and turned information technology into a surveillance tool to spy on Uyghur Muslims.

The exploit allowed the government to take complete control of target phones and thus launch a mass surveillance entrada. Previously, Chinese security researchers used to participate in the Pwn2Own event to observe zilch-24-hour interval vulnerabilities. It is a global event and attracts hundreds of security researchers from across the world.

The CEO of Chinese giant Qihoo 360 unexpectedly accused Chinese participants of existence disloyal to the country.

In an unexpected statement, the billionaire founder and CEO of the Chinese cybersecurity behemothic Qihoo 360—one of the virtually of import technology firms in People's republic of china—publicly criticized Chinese citizens who went overseas to participate in hacking competitions. In an interview with the Chinese news site Sina, Zhou Hongyi said that performing well in such events represented merely an "imaginary" success. Zhou warned that once Chinese hackers show off vulnerabilities at overseas competitions, they can "no longer be used." Instead, he argued, the hackers and their knowledge should "stay in Cathay" then that they could recognize the true importance and "strategic value" of the software vulnerabilities.

Zhou certainly had the attention of the Chinese regime. In 2022 China banned security researchers from attention global events. Before long enough, they came upward with their event called "The Tiafu Cup." The participants were awarded greenbacks prizes amounting to more than than a million dollars.

The countdown event was held in November 2022. The $200,000 elevation prize went to Qihoo 360 researcher Qixun Zhao, who showed off a remarkable chain of exploits that allowed him to easily and reliably have command of even the newest and nigh up-to-date iPhones. From a starting point within the Safari web browser, he constitute a weakness in the core of the iPhone'due south operating system, its kernel. The upshot? A remote aggressor could take over whatever iPhone that visited a web page containing Qixun's malicious code. It's the kind of hack that can potentially exist sold for millions of dollars on the open up market place to give criminals or governments the ability to spy on large numbers of people. Qixun named it "Anarchy."

Apple fixed the flaw in January 2022, ii months afterward it was discovered. Afterward that year, Google released a report pertaining to a hacking campaign. They discovered that iPhones were being hacked in mass and contributed the attack to five exploit chains. This included the exploit that won the top prize in China's cybersecurity event.

The incident is stark. One of China'southward elite hacked an iPhone, and won public acclaim and a large corporeality of money for doing and then. Virtually overnight, Chinese intelligence used it equally a weapon against a besieged minority ethnic group, hitting before Apple could ready the trouble. Information technology was a brazen act performed in broad daylight and with the knowledge that in that location would be no consequences to speak of.

It is alleged that the Chinese followed the "strategic value" plan devised by Qihoo's Zhou Hongyi. In other words, the Tianfu cup had revealed a significant hack. The exploit was handed over to the Chinese intelligence who used it to spy on Uyghurs. Zhou refuted the allegations and claimed the exploit could have been used later the patch. However, both Apple and Google had documented that the exploit was used earlier Apple patched it.

Our Accept

Land-sponsored attacks are not something new. The Chinese government is accused of oppressing Uyghur Muslims human rights for many years. Ideally the government agencies should not meddle with cybersecurity events, and companies like Apple should try to enhance their problems bounty program further.

[via MIT Review]

Source: https://www.iphonehacks.com/2021/05/china-prize-winning-iphone-hack-uyghur-muslims.html

Posted by: dupreysomighten.blogspot.com

Share this post