Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Google IOS Security Apple IT Technology

Apple Disputes Google's Claims of a Devastating iPhone Hack (vice.com) 22

In a rare move, Apple has released a statement to comment on the attacks on iPhone users revealed by Google last week. From a report: Last week, Google dropped a bombshell in the form of a long, detailed analysis of five chains of iOS vulnerabilities discovered by its security teams. Google didn't say who was behind the attacks, nor who was targeted, but described the attack as "indiscriminate," and potentially hitting "thousands" of people. Apple disagrees. Friday, Apple published a brief press release that disputes some relatively minor details that Google released about the attacks. Namely, that the attacks lasted for a shorter amount of time and that they were less widespread than Google reported.

"First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community." Apple wrote. "Google's post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised. This was never the case. Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not 'two years' as Google implies," the statement continued.

This discussion has been archived. No new comments can be posted.

Apple Disputes Google's Claims of a Devastating iPhone Hack

Comments Filter:
  • corporate speak meaning something
    • I have been in the industry for decades. Competition will often over inflate the seriousness of their competitors problems, while the other side will downplay it.

      I expect both Google and Apple are lying.

      Being that shortly after the communication I got a couple of iOS updates. (Close to iOS 13 release date) meaning the problem was indeed big enough for apple to put in some quick fixes.

      However unlike other major security problems in the past, we are not flooded with reports of their iPhone getting compromis

  • I wonder if Google intentionally exaggerated the impact of the bugs a moderate amount just so Apple would feel compelled to correct the details, thus keeping the information going through the news cycle longer?
  • Now, I'm sure there's some truth to this. As a former Android fanboi and current Iphone user, I have been paying attention to the two companies' mobile strategies since the Iphone was released. However, having grown tired of Google's spying I switched to Iphone a few years ago. That said, I wonder if Google is only saying the Iphone has issues to sow doubt in people's minds.
    • Most likely.
      Usually I find the truth lies somewhere in the middle though, and it seems likely that not only is Google blowing this out of proportion (and they've certainly abandoned the "Don't be evil" axiom long ago), but that Apple is, on the other hand, also downplaying some elements of it as well.

    • I'm an iPhone user, but obviously Apple has a vested interest in playing down the severity of any broad vulnerability. On the other hand, Project Zero is not above political considerations.

      I suspect the truth lies somewhere between the two points.

    • by ceoyoyo ( 59147 )

      When a corp monitors your activities on an iPhone Apple screwed up. When one does the same on Android, Google's doing theirs properly.

    • Probably, they did something similar when the Android version of Fortnite was released on its own instead of through the Google play store.
  • by JoeyRox ( 2711699 ) on Friday September 06, 2019 @01:21PM (#59166210)
    The technical aspects of the exploit are pretty clear - it's a devastating chain exploit that left all iPhones vulnerable to being completely compromised by simply visiting a web page. Which means all Apple can really argue is how widespread the exploit was deployed. They claim it was limited to a few sites, and perhaps that's what Google found as well, but how the hell can they actually prove that?
    • They can't prove shit and neither can anyone else and they know it. They're just trying to down-play the notion that anyone you actually care about got hacked so you'll quickly forget it happened. The public never learns their lesson, and the schadenfreude continues unabated. Sucks to be you if you were one of the individuals actually targeted by this hack, because even law enforcement won't believe you now.

      • by Mal-2 ( 675116 )

        Given who was targeted, I'd say law enforcement was in on it. They'd believe you, but it wouldn't matter because they're setting you up.

    • It's not clear how widespread this attack was and how many people were caught up in it, and on what OSes.

      https://www.forbes.com/sites/t... [forbes.com]

      What should be clear is that the Chinese government will bend its considerable resources to keep exceptional exploits to themselves for the purposes of targeting a minority group in their country. It would be foolish of us to assume that only Apple was affected.

      Apple, obviously, wants people to know that in general their phones are safe. If this were a particularly wide-s

      • by ewilen ( 908963 )
        Exactly—the original ProjectZero post expressed a desire to move past discussion of the million dollar dissident—which I take to mean the idea that highly sophisticated zero day exploits are only worth using in targeted attacks, both because of the cost of development and the opportunity cost when the hack is inevitably exposed and expended. But the updated news shows that’s exactly what this is—China is highly motivated against perceived threats to national unity, and by focusing
    • They don't have to prove it. They just have to cast doubt on Google's claims to people who buy or might buy Apple devices. It costs them nothing to make a statement like this. Apple fanboys will eat it up without question and to non-fanboys, it creates the illusion that there are two sides to the issue, which casts doubt on Google's claim. This is 100% a PR move, and an effective one at that.
    • What is Apple disputing exactly?

      Google claims the exploit was around for two years, Apple says 2 months... yes the Technical existence of the exploit is clear, the timeframe for possibly being exploited was not.

      Seems pretty clear it was only the Chinese government that exploited it though so very few iPhone users were actually affected.

      • Google claims the exploit was around for two years, Apple says 2 months.

        The vulnerability dates back to iOS 10, which was released 2 years ago. Apple hasn't provided any evidence the exploit hasn't been used over that full period.

        Seems pretty clear it was only the Chinese government that exploited it though so very few iPhone users were actually affected.

        Seems clear how exactly?
    • by bill_mcgonigle ( 4333 ) * on Friday September 06, 2019 @04:20PM (#59167072) Homepage Journal

      Google certainly has snapshots of websites going back in time. I don't see why they'd lie on something that would be roundly defeated in court for defamation kind of money.

      The rest of the analysis is extremely thorough.

      I think Apple may be panicking because they're spending huge money on "privacy" billboards that they ought to be spending on security.

      Their lax security has almost certainly helped the Chinese government round up some of the 2.5 million Uyghurs they have in concentration camps for their slow-burn genocide.

      The pathetic thing is that the implant doesn't even attempt to hide itself (it runs from /tmp ) because iOS doesn't even allow you to see a process list.

      "Privacy".

  • by Keruo ( 771880 ) on Friday September 06, 2019 @01:48PM (#59166304)
    As a android user, you can at least be safe and always upgrade to the latest version.. ..oh wait..
    • by Merk42 ( 1906718 )

      As a android user, you can at least be safe and always upgrade to the latest version...

      Yep Pixel 3 owner on Android 10 here.

  • by u19925 ( 613350 ) on Friday September 06, 2019 @01:58PM (#59166340)

    Roughly half of Android users are vulnerable even as of today because there is no mechanism for them to get security fixes. Only 2% of people using Google phone made in last 3-4 years can get security fixes in a guaranteed way.

  • from the serious allegations Brave made against Google a couple of days ago.I was surprised they didn't cause the expected outrage.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...