Last week Google disclosed a large-scale hacking effort that it said targeted users of Apple devices. It was a bombshell story.
But now Apple has gone on the attack - angry in public, and absolutely incensed in private at what is being seen as something of a stitch up. Google is standing by its research.
In a statement posted on Friday, Apple took issue with Google’s characterisation that this was a broad attack on all iPhone users.
"Google’s post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised,” it reads.
"This was never the case.”
Apple’s bone of contention isn’t so much about what Google’s Project Zero team included in its report. Rather, Apple is upset about what was left out. The view from Cupertino is that Google’s business interests in China led it to pull back on describing the attack as being targeted at the persecuted Uighur community.
"The sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community.”
Android affected
This perspective is backed up by independent research from Volexity, a cyber-security firm based in Washington DC. It published a report earlier this month looking into the same threat, and stated unequivocally that Uighurs were the target - detailing 11 websites that had been used to carry out the attack.
Most notably, the Volexity report states that as well as Apple’s iOS, Google’s own mobile operating system, Android, was also targeted - a detail that was missing from Google’s research.
Google insists it didn’t know Android was affected - but it’s well aware how it looks.
Tim Willis, a researcher on the Project Zero team, wrote in a tweet that Google’s Threat Analysis Group "only saw iOS exploitation on these sites when TAG found them back in Jan 2019 (and yes, they looked for everything else as well)”.
The independent researchers I’ve spoken to are mostly giving Project Zero the benefit of the doubt on that point. It’s a highly respected group in the cyber-security space, and hasn’t been seen as some kind of weapon against Google’s rivals. Besides, this isn’t exactly the first time it’s found something involving Apple - the group has reported over 200 vulnerabilities to the company to date, most without this kind of fanfare or controversy.
"Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies,” a spokesperson said.
"We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online.”
Skin in the game
But there are big questions about how Google is handling the dreaded “C” word: China. There’s no mention of the country in Project Zero’s research, and a spokesman on Friday wouldn’t tell me if Google had known the Uighurs were being targeted. But given the researchers said they’d identified various web addresses affected, it seems very unlikely that two-and-two were not put together. One of the URLs, to give you an example, was quite clearly a news site aimed at Uighur readers, or at least those interested in their plight.
Google has form in this area. You may remember a story last month regarding China-backed misinformation efforts on Facebook, Twitter and YouTube, designed to sow discord in troubled Hong Kong. Unlike Facebook and Twitter, which stated clearly they felt Beijing was behind the efforts - Google stopped short, saying only that it had removed material related to protests in Hong Kong.
There are also questions for Apple, however. If, as claimed in its statement, Apple knew about the iOS flaw before Google informed them, why did they not properly inform their users? Why, if it knew there were several booby-trapped websites scooping up data on the Uighurs, did it not warn them?
And Apple, like Google, won’t say if they think Beijing is directly responsible. That’s the bigger story here - the extent to which China’s malicious behaviour is being swept under the carpet, because the companies involved have too much skin in the game.
DISCLAIMER: The Views, Comments, Opinions, Contributions and Statements made by Readers and Contributors on this platform do not necessarily represent the views or policy of Multimedia Group Limited.
Latest Stories
-
Gold Fields Ghana Foundation challenges graduates to maximise benefits of community apprenticeship programme
1 hour -
GBC accuses Deputy Information Minister Sylvester Tetteh of demolishing its bungalow illegally
2 hours -
Boost for education as government commissions 80 projects
2 hours -
NAPO commissions library to honour Atta-Mills’ memory
2 hours -
OmniBSIC Bank champions health and wellness with thriving community walk
2 hours -
Kora Wearables unveils Neo: The Ultimate Smartwatch for Ghana’s tech-savvy and health-conscious users
2 hours -
NDC supports Dampare’s ‘no guns at polling stations’ directive
2 hours -
Police officer interdicted after video of assault goes viral
2 hours -
KNUST’s Prof. Reginald Annan named first African recipient of World Cancer Research Fund
2 hours -
George Twum-Barimah-Adu pledges inclusive cabinet with Minority and Majority leaders
3 hours -
Labourer jailed 5 years for inflicting cutlass wounds on businessman
3 hours -
Parliament urged to fast-track passage of Road Traffic Amendment Bill
3 hours -
Mr Daniel Kofi Asante aka Electrician
3 hours -
Minerals Commission, Solidaridad unveils forum to tackle child labour in mining sector
3 hours -
Election 2024: Engagement with security services productive – NDC
3 hours