It is revealed that the Chinese government was hacking the iPhone using the vulnerability that won the prize in the contest and developing a monitoring tool for Uighurs



A Chinese white hacker who participated in a hacking contest discovered a zero-day vulnerability and won a prize in the contest. Usually, these vulnerabilities are reported to the developer, fixed, and then published. However, it was reported that the Chinese government

created an exploit that exploited this vulnerability and developed a surveillance tool to spy on Uighurs.

Report: China Turned Prize-Winning iPhone Hack into a Surveillance Tool Against Uyghur Muslims
https://www.iphonehacks.com/2021/05/china-prize-winning-iphone-hack-uyghur-muslims.html

iPhone hack used by China to spy on Uyghur Muslims --9to5Mac
https://9to5mac.com/2021/05/06/iphone-hack/

Chinese Government Reportedly Used Prize-Winning iPhone Hack to Spy on Uyghur Muslims | iPhone in Canada Blog
https://www.iphoneincanada.ca/news/china-hack-uyghur/

The hacking contest Pwn2Own is an event attended by millions of security researchers from around the world. Zhou Hongyi, CEO of Chinese cybersecurity giant Qihoo 360, warned Chinese security researchers attending these events that 'the vulnerabilities they found would be unusable.' Hongyi argued that by keeping these discoveries in China, the country would gain 'strategic value.'

In response to these statements, in 2017 the Chinese government banned security researchers from participating in global hacking events. In addition, we announced 'The Tiafu Cup', a hacking contest sponsored by China, and awarded participants more than $ 1 million (about 110 million yen) in prize money.



The Tiafu Cup was first held in November 2018, and the highest award-winning exploit was awarded $ 200,000.

Qihoo 360 researcher Qixun Zhao developed the award-winning exploit, which makes it easy and reliable to control the latest iPhones. It seems that it will be possible to hijack the terminal by attacking the iPhone that accessed the web page with malicious code embedded from Safari, which is Apple's genuine web browser.

Zhao, the developer of the exploit, warned that the exploit he developed was 'chaos' because it could spy on iPhones around the world.



Apple fixed the vulnerability in January 2019, two months after the exploit was announced. However, in the second half of 2019, Google discovered and announced that a large-scale hack using the vulnerability discovered by Mr. Zhao was being carried out.

According to Google, the Chinese government built a tool to monitor Uighurs using the exploit shortly after Zhao announced it. It seems that Apple was launching an attack targeting the Uighur iPhone before fixing the vulnerability.

'Government agencies shouldn't interfere with cybersecurity events, and companies like Apple should strive to further strengthen their bug bounty programs,' said iPhone Hacks , an Apple-related media outlet.

in Mobile,   Software,   Security, Posted by logu_ii