Chinese Government Used iPhone Hack to Monitor Uighur People

The Chinese government is using a hacking group known as “The Evil Eye.” It’s a name only a super villain could love. I suppose that’s fitting. The group monitors and finds exploits and uses them to track targets. Often in the case of China, this is its own citizens. There, they’re carefully monitored for dangerous thoughts, like individualism, democracy, religion, freedom of speech, or homosexuality. However, there may be no group within China being tracked more carefully now than China’s Uighurs.

The Evil Eye used an exploit in iOS 12.3.0 to 12.3.3, inclusive. Apple updated iOS 12 to 12.4 last summer, and the current version of iOS is 13.3. That means, if you’re up to date, you have nothing to fear. Still, for those targeted, China collected photos, browsing habits, messages, and more. The hack helped China track a group of people it’s currently sending to “reeducation” camps.

Could this hack have helped China track, imprison, torment, and kill a group of people for their religious beliefs?

The Hack

In September of 2019, security group Volexity found China was using a number of exploits to track Uighur Muslims through their Android phones. Now, a Google Project Zero release, confirmed by Volexity, describes a similar hack on iOS devices.

The hack works by using an infected website. China specifically targeted websites Uighur Muslims would be using. Then, the infected website would install and run code on your device, allowing root access. Once that code was on your device, the attackers could collect your photos, unencrypted emails and messages, and contact information. China could even log your GPS location.

China’s attack took advantage of an exploit in WebKit, the rendering engine used in Safari and Google Chrome. Unfortunately, due to Apple’s guidelines, the iPhone is exceptionally at risk for a WebKit attack. All browsers on iOS must use WebKit, even Firefox, which has its own rendering engine.

The exploit leaves the vulnerable iPhone open to download an executable file. This can run on your device, collecting information and sending it off to Evil Eye’s servers so China could monitor it.

Ironically, the stolen data wasn’t encrypted on its way to Chinese servers, so anyone observing the hack could easily snoop.

Ongoing Efforts

Apple patched this particular exploit last year. That doesn’t mean the attackers are stopping. They were working to snoop on photos sent by encrypted chat app Signal, which sends photos unencrypted. They also may have been able to collect information from ProtonMail, a secure encrypted email service. Both apps are ones I use, and come recommended even by NSA leaker Edward Snowden. However, secure systems rely on secure foundations. When one falls apart, they all do.

Protect Yourself

You can protect yourself by keeping your device up to date. Use secure services like Signal and ProtonMail. Practice password security by rotating your passwords, never re-using passwords, maintaining multiple email accounts, using encrypted services, and using a password manager like 1Password or LastPass to keep everything together. Stay up to date, and make sure you’re aware of hacks like this.


Sources:
  • Andrew Case, Dave Lassalle, Matthew Meltzer, Sean Koessel, Steven Adair, Thomas Lancaster: Volexity
  • Catalin Cimpanu, ZDNet
  • Mike Peterson, AppleInsider
  • Michael Potuck, 9to5Mac