Last week’s Google’s Project Zero’s report has firmly placed Apple on the defensive. Google’s researchers said that iOS was constantly being targeted with a sophisticated attack for two years. Until Google alerted Apple, the attacks didn’t stop. However, Apple has come out in its defence and claimed that Project Zero blew the whole thing out of proportion.
Project Zero is a group at Google whose speciality lies in uncovering zero-day hacks that threaten internet users. According to that group, a large number of websites deployed hacks to install malware that could gain root access on the iPhone. With those hacks, those sites’ operators stole date, phone location and gained access to the end user’s password storage as well. According to Google: “The attacks operated over a period of at least two years and covered almost every version of iOS active during that time”
A press release released by Apple disputed parts of Google’s findings. The main point of contention was the duration of the attack. Instead of the two years as per Google’s Project Zero report, Apple claimed that the attacks only lasted for two months. According to Apple, the company was familiar with those flaws and working towards fixing them. However, this claim is impossible to verify and sounds quite suspect.
According to Apple, the attacks were mainly focused on the Uyghurs, Western China’s group of ethnically Turkic Muslims. The Uyghurs have been constantly persecuted by the Chinese Government for years now. Their religious beliefs in an officially atheist country has been a major source of conflict with the Chinese Government. Methods like iPhone hacks have been regularly used by the Chinese Government to track and investigate the Uyghurs.
Even though Google’s Project Zero is renowned for conducting its business without favouritism, Apple has suggested that Google has tried to make the flaws seem much worse than they actually are. Responding to Apple’s criticism, Project Zero issued a statement where it stood by its “in-depth research which was written to focus on the technical aspects of these vulnerabilities.”
With a new iPhone scheduled to be unveiled this week, Apple is understandably acting more sensitive than usual. Unlike Android’s open source system, Apple’s closed software helps it patch vulnerabilities and weaknesses without everyone knowing about it. Perhaps a major flaw in such a closed system has embarrassed Apple too much to accept it openly.