Apple: Google ‘stoked fear’ over iPhone hacking report
Tech giant claims its rival withheld key information about recent security flaws
Apple has accused Google of scaremongering after the search giant last month revealed details of an iPhone hacking operation.
Researchers at Google’s Project Zero bug-hunting division found several major security flaws in January that exposed iPhone users to a potential malware attack.
Although Apple was alerted to the security flaws in February and subsequently fixed them, it claims that Project Zero’s public report on the matter skated over fundamental details.
Google, meanwhile, says the research was accurate and intends to continue probing Apple products for security flaws.
What happened?
A couple of weeks ago, Google’s Project Zero team discovered “a small collection of websites” that were rigged with malware capable of stealing “a wealth” of personal information, including passwords and location data, reports Ars Technica.
Google claimed that iPhone users were vulnerable to an attack from a “zero-day” exploit – the term given to a security flaw that’s unknown to the software maker – for “at least two years”, the tech site notes.
It emerged that the attacks were targeted at the Uighur Muslim community in China’s Xinjiang region and that similar issues had affected Google’s Android mobile system, neither of which was revealed by the search firm, The Daily Telegraph says.
So why is this a problem for Apple?
With privacy and security being of particular interest to customers, tech companies are willing to pay millions of dollars to experts to dig up software flaws that could expose their devices to hackers.
Apple is no exception to this, with Vice reporting that the iPhone maker is willing to pay “friendly hackers” up to $1.5m (£1.2m) “in certain circumstances”.
However, Apple said in a statement that Project Zero’s research created “the false impression of ‘mass exploitation’ to ‘monitor the private activities of entire populations in real time’, stoking fear among all iPhone users that their devices had been compromised”.
It added: “The sophisticated attack was narrowly focused, not a broad-based exploit of iPhones ‘en masse’ as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community.”
Given that the Uighur community has been persecuted by the Chinese government for decades, Apple believes that Google stripped out certain details of the bugged websites to maintain its business relations with China, the BBC reports.
“All evidence indicates that these website attacks were only operational for a brief period, roughly two months, not ‘two years’ as Google implies,” added Apple. “We fixed the vulnerabilities in question in February – working extremely quickly to resolve the issue just 10 days after we learned about it.”
How did Google respond?
In spite of Apple’s damning response, Google stood by Project Zero’s report and vowed to continue its hunt for software bugs in its competitor’s devices.
“Project Zero posts technical research that is designed to advance the understanding of security vulnerabilities, which leads to better defensive strategies,” a Google spokesperson said.
“We stand by our in-depth research which was written to focus on the technical aspects of these vulnerabilities,” the spokesperson added. “We will continue to work with Apple and other leading companies to help keep people safe online.”