How he turned China into an award-winning iPhone hack against Uighurs
[ad_1]
In March 2017, a group of hackers from China arrived in Vancouver with a goal: to find hidden weaknesses within the world’s most popular technologies.
Google’s Chrome browser, Microsoft’s Windows operating system, and Apple’s iPhones all intersected. But no one broke the law. These were some of the people who took part in Pwn2Own, one of the most prestigious hacking competitions in the world.
It was the 10th anniversary for Pwn2Own, a competition that attracts elite computer pirates from around the world with the lure of big prizes if they manage to exploit undiscovered software vulnerabilities, known as “zero days”. Once a bug is found, the details are left to the participating companies to give them time to fix it. Meanwhile, the hacker gets away with the economic reward and the right to be proud forever.
Over the years, Chinese hackers have been the main forces in events like Pwn2Own, earning millions of dollars in prizes and ranking among the elites. In 2017, everything stopped.
In an unexpected statement, Qihoo 360 is the founder and CEO of China’s Chinese cybersecurity giant – one of China’s leading technology companies – publicly criticized Chinese citizens went overseas to participate in hacking competitions. In an interview with the Chinese news site Sina, Zhou Hongyi said that doing well in such events meant nothing more than “imaginary” success. Zhou warned that when Chinese hackers show weaknesses in foreign competitions, “they can no longer be used.” Instead, he argued that hackers and their knowledge should be “in China” in order to recognize the real importance and “strategic value” of software vulnerabilities.
Beijing accepted it. Soon, the Chinese government prohibited cybersecurity researchers attend hacking competitions abroad. A few months later, a new competition was created in China to take the place of international competitions. The Tianfu Cup, as it was called, offered prizes of more than a million dollars.
The opening ceremony took place in November 2018. The $ 200,000 grand prize went to Qihoo 360 researcher Qixun Zhao, who highlighted chain Even the latest and most up-to-date iPhones can easily and reliably take advantage of exploits. From the starting point of the Safari web browser, he found a vulnerability in the core of the iPhones operating system, at its core. The result? A remote attacker could take any iPhone that visited a website with a malicious code in Qixun. It is a type of hack that can be sold for millions of dollars in the open market to give criminals or governments the ability to spy on a large number of people. Qixun named it “Chaos.”
Two months later, in January 2019, Apple released an update that fixed the bug. There was little fuss, just a note thanking those who found it.
But in August of that year Google released one extra analysis he said in a hacking campaign that he was “massively exploiting iPhones”. The researchers identified five chains of exploitation that they identified as “wild”. Among them, they mentioned the exploitation that won the Qixun Tianfu Grand Prix, which was also found by an unnamed “attacker”.
Google researchers pointed to similarities between attacks used in the real world and Chaos. What ruled out their deep immersion, however, was the identity of the victims and the attackers: the Uyghur Muslims and the Chinese government.
Oppression campaign
China has done it for the last seven years he committed human rights violations against Western Uyghurs and other minority groups in western Xinjiang province. Well-documented aspects of the campaign include areas of detention, mandatory systematic sterilization, organized torture and rape, a unique effort of forced labor and care. Beijing officials say China is fighting “terrorism and extremism,” but the United States, among other countries, he has called the actions genocide. The abuses coincide with unprecedented high technology oppression campaign which are dominated by Uighur lives, based in part on hacking campaigns.
Extracting Uyghurs from China is very aggressive, it is effective global, extending beyond the borders of the country. It is aimed at journalists, dissidents and anyone who raises suspicions that Beijing is not loyal enough.
Shortly after Google investigators reported the attacks, the media reported reports he linked the points: the targets of the campaign that used the exploitation of chaos were Uyghurs, and the hackers were linked to the Chinese government. Apple posted a weird blog message which confirmed that the attack took place in two months: that is, the period that Qixun won the Tianfu Cup immediately began and was extended until Apple gave the repair.
[ad_2]
Source link