Apple is angry at Google and Back at "hack claims"
But now Apple has launched into the attack: angry in public and absolutely outraged in private for what looks like a kind of stitch. Google supports your research.
In a statement released on Friday, Apple disagreed with Google's characterization that it was a widespread attack on all iPhone users.
"The Google publication, issued six months after the release of the iOS patches, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time', fueling fear among all iPhone users that their devices had been compromised. " it reads.
"This was never the case."
Apple's point of discussion is not so much about what the Google Zero Project team included in its report. Rather, Apple is upset about what was left out. Cupertino's opinion is that Google's commercial interests in China led him to back down by describing the attack as directed at the persecuted Uyghur community.
"The sophisticated attack had a limited focus, not a broad exploitation of 'mass' iPhones as described. The attack affected less than a dozen websites that focus on content related to the Uighur community."
Android affected
This perspective is supported by an independent investigation of Volexity, a cybersecurity company based in Washington DC. He published a report earlier this month that analyzed the same threat, and stated unequivocally that the Uyghurs were the target, detailing 11 websites that had been used to carry out the attack.
In particular, the Volexity report states that, in addition to Apple's iOS, Google's mobile operating system, Android, was also noted, a detail missing from Google's research.
Google insists that it did not know that Android was affected, but it knows very well how it looks.
Tim Willis, a researcher on the Zero Project team, wrote in a tweet that the Google Threat Analysis Group "only saw the exploitation of iOS on these sites when TAG found them in January 2019 (and yes, they also searched for everything the rest)".
The independent investigators with whom I have spoken mostly are giving Project Zero the benefit of the doubt about that point. It is a highly respected group in the cybersecurity space, and it has not been seen as a type of weapon against Google's rivals. In addition, this is not exactly the first time that something related to Apple is found: the group has reported more than 200 vulnerabilities to the company to date, most without this kind of fanfare or controversy.
"Project Zero publishes a technical investigation that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies," a spokesman said.
"We support our in-depth research that was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online."
Skin in the game
But there are big questions about how Google is handling the dreaded word "C": China. The country is not mentioned in the Zero Project investigation, and a spokesman on Friday did not tell me if Google knew that the Uyghurs were under attack. But since the researchers said they had identified several affected web addresses, it seems very unlikely that two and two have not been grouped together. One of the URLs, to give an example, was clearly a news site aimed at Uyghur readers, or at least those interested in their plight.
Google is shaped in this area. You may remember a story last month about China-backed disinformation efforts on Facebook, Twitter and YouTube, designed to sow discord in troubled Hong Kong. Unlike Facebook and Twitter, which clearly stated that they felt Beijing was behind the efforts, Google stopped dead and said it had removed material related to the protests in Hong Kong.
However, there are also questions for Apple. If, as stated in its statement, Apple knew about the iOS flaw before Google informed them, why didn't they inform their users properly? Why, if I knew that there are several websites with traps that collect data on Uyghurs, did you not warn them?
And Apple, like Google, will not say if they believe that Beijing is directly responsible. That is the most important story here: the extent to which China's malicious behavior is being swept under the carpet, because the companies involved have too much skin in the game.
But now Apple has launched into the attack: angry in public and absolutely outraged in private for what looks like a kind of stitch. Google supports your research.
In a statement released on Friday, Apple disagreed with Google's characterization that it was a widespread attack on all iPhone users.
"The Google publication, issued six months after the release of the iOS patches, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time', fueling fear among all iPhone users that their devices had been compromised. " it reads.
"This was never the case."
Apple's point of discussion is not so much about what the Google Zero Project team included in its report. Rather, Apple is upset about what was left out. Cupertino's opinion is that Google's commercial interests in China led him to back down by describing the attack as directed at the persecuted Uyghur community.
"The sophisticated attack had a limited focus, not a broad exploitation of 'mass' iPhones as described. The attack affected less than a dozen websites that focus on content related to the Uighur community."
Android affected
This perspective is supported by an independent investigation of Volexity, a cybersecurity company based in Washington DC. He published a report earlier this month that analyzed the same threat, and stated unequivocally that the Uyghurs were the target, detailing 11 websites that had been used to carry out the attack.
In particular, the Volexity report states that, in addition to Apple's iOS, Google's mobile operating system, Android, was also noted, a detail missing from Google's research.
Google insists that it did not know that Android was affected, but it knows very well how it looks.
Tim Willis, a researcher on the Zero Project team, wrote in a tweet that the Google Threat Analysis Group "only saw the exploitation of iOS on these sites when TAG found them in January 2019 (and yes, they also searched for everything the rest)".
The independent investigators with whom I have spoken mostly are giving Project Zero the benefit of the doubt about that point. It is a highly respected group in the cybersecurity space, and it has not been seen as a type of weapon against Google's rivals. In addition, this is not exactly the first time that something related to Apple is found: the group has reported more than 200 vulnerabilities to the company to date, most without this kind of fanfare or controversy.
"Project Zero publishes a technical investigation that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies," a spokesman said.
"We support our in-depth research that was written to focus on the technical aspects of these vulnerabilities. We will continue to work with Apple and other leading companies to help keep people safe online."
Skin in the game
But there are big questions about how Google is handling the dreaded word "C": China. The country is not mentioned in the Zero Project investigation, and a spokesman on Friday did not tell me if Google knew that the Uyghurs were under attack. But since the researchers said they had identified several affected web addresses, it seems very unlikely that two and two have not been grouped together. One of the URLs, to give an example, was clearly a news site aimed at Uyghur readers, or at least those interested in their plight.
Google is shaped in this area. You may remember a story last month about China-backed disinformation efforts on Facebook, Twitter and YouTube, designed to sow discord in troubled Hong Kong. Unlike Facebook and Twitter, which clearly stated that they felt Beijing was behind the efforts, Google stopped dead and said it had removed material related to the protests in Hong Kong.
However, there are also questions for Apple. If, as stated in its statement, Apple knew about the iOS flaw before Google informed them, why didn't they inform their users properly? Why, if I knew that there are several websites with traps that collect data on Uyghurs, did you not warn them?
And Apple, like Google, will not say if they believe that Beijing is directly responsible. That is the most important story here: the extent to which China's malicious behavior is being swept under the carpet, because the companies involved have too much skin in the game.
No comments:
Post a Comment