Apple Slams Google's iPhone Hack Disclosure: Created 'False Impression'
Apple says Google is guilty of ‘stoking fear among all iPhone users that their devices had been compromised.’
One week after a Google security research team disclosed an an attempt to hack iPhones, Apple responded with a statement that sharply criticizes the approach taken by Google during the disclosure.
Apple is also contradicting some of the details shared by Google, saying the attempted hack took place over a far shorter time period than claimed in the disclosure.
[Related: Apple's 9 Biggest Reveals At WWDC 2019]
"Google’s post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised. This was never the case," Apple said in the statement.
According to Ian Beer of Google's Project Zero security research team, a small collection of hacked websites exploited vulnerabilities in Apple's iOS operating system, allowing hackers to covertly place "monitoring implants" on the phones of users who visited said websites.
The monitoring implants used by the hackers had the ability to steal private data like iMessages, photos and GPS location in real-time, according to Google researchers.
However, according to Apple's statement, the attack was "narrowly focused, not a broad-based exploit of iPhones 'en masse' as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community." The Uighur community is a predominantly Muslim group that has reportedly faced detentions and surveillance by the Chinese government.
Additionally, "all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not 'two years' as Google implies," Apple said in its statement.
Google did not immediately respond to a request for comment from CRN.
Apple says it fixed the vulnerabilities in February, "working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs."
Working with Google's Threat Analysis Group, the researchers discovered a total of 14 iPhone vulnerabilities related to five exploits. Seven of the vulnerabilities were tied to the iPhone's web browser, five were related to the kernel, and two were associated with separate sandbox escapes, according to researchers.
The separate and unique iPhone exploit chains identified by Google researchers covered almost every version of the iOS operating system, from iOS 10 through to the latest version of iOS 12.
"This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years," Beer said in the blog post. "For this one campaign that we’ve seen, there are almost certainly others that are yet to be seen."