How China invaded Uyghurs with its award-winning iPhone
In March 2017, a group of hackers from China arrived in Vancouver with the goal of discovering hidden weaknesses in the most popular technology in the world.
Google’s Chrome browser, Microsoft’s Windows operating system and Apple’s iPhone are all attractive. But no one broke the law. These are just some of the people who participated in Pwn2Own (one of the most prestigious hacking competitions in the world).
This is the 10th anniversary of Pwn2Own. This competition attracts elite hackers from all over the world. If they manage to exploit previously undiscovered software vulnerabilities (called “zero-day difference”), they will attract a lot of cash. Once a defect is found, the detailed information will be handed over to the company involved so that they have time to fix it. At the same time, hackers walked away with financial rewards and eternal bragging rights.
Over the years, Chinese hackers have been the main force in activities such as Pwn2Own. They have won millions of dollars in prizes and have been among the elite. But in 2017, everything stopped.
In an unexpected statement, the founder and CEO of billionaire Chinese cybersecurity giant Qihoo 360 (one of China’s most important technology companies) made public been criticized Chinese citizens who go abroad to participate in hacking competitions. In an interview with the Chinese news website Sina.com, Zhou Hongyi said that outstanding performance in such incidents only represents “imaginary” success. Zhou warned that once Chinese hackers show vulnerabilities in overseas competitions, they “will no longer be used.” He believes that, instead, hackers and their knowledge should “stay in China” so that they can realize the true importance and “strategic value” of software vulnerabilities.
Beijing agreed.Soon, the Chinese government banned Cyber security researchers participating in the overseas hacking contest. Just a few months later, a new competition suddenly appeared in China to replace the international competition. The so-called “Tianfu Cup” provided prizes totaling more than one million U.S. dollars.
The first event was held in November 2018. The highest prize of 200,000 US dollars was awarded to Qihoo 360 researcher Zhao Qixun, who demonstrated extraordinary achievements. chain Exploiting the vulnerability allows him to easily and reliably control the latest iPhone. Starting from the beginning of the Safari Web browser, he discovered that the core (kernel) of the iPhone operating system was flawed. result? A remote attacker can take over any iPhone that visits a web page containing Qixun malicious code. Such hackers may be sold on the open market for millions of dollars, giving criminals or the government the ability to monitor large numbers of people. Qi Xun named it “Chaos”.
Two months later, in January 2019, Apple released an update to fix the vulnerability. To great fanfare-just thank those who found it.
But in August of that year, Google released Extraordinary analysis Call it the “large-scale use of the iPhone.” The researchers dissected five different utilization chains they found in the “field.” Among them was the exploit that won Qixun the first prize of Tianfu, which they said was also discovered by an unknown “attacker”.
Google researchers pointed out the similarities between the attacks they used in the real world and chaos. However, their in-depth research ignores the identity of the victim and the attacker: Uighur Muslims and the Chinese government.
An oppressive movement
In the past seven years, China Human rights violation Oppose Uighurs and other ethnic minorities in western Xinjiang. Documented aspects of the campaign include detention camps, systemic forced sterilization, Organized torture and rape, Forced labor and unparalleled surveillance work. Beijing officials believe that China is taking action to combat “terrorism and extremism,” but the United States, like other countries, Genocide.Abuse adds up to unprecedented high-tech Oppressive movement Dominate the lives of Uyghurs, partly relying on targeted hacking activities.
China’s hacking of Uyghurs is so aggressive that it is effective Worldwide, Far beyond the borders of the country. It targets journalists, political dissidents, and anyone who raises Beijing’s suspicion of insufficient loyalty.
Soon after Google researchers noticed these attacks, the media report Bit by bit: The target of the campaign using the Chaos vulnerability is the Uyghurs, and the hackers have ties to the Chinese government.Apple published a rare blog postal This confirms that the attack took place for more than two months: that is, it started immediately after Qixun won the Tianfu Cup and lasted until Apple released a repair plan.