A protester wears a mask painted with Xinjiang or East Turkestan's flag and tears of blood in Brussels in April 2018.
Emmanuel Dunand/AFP/Getty
  • A huge iPhone hack disclosed by Google security researchers last week was reportedly a state-backed Chinese campaign targeting Uighur Muslims, sources told TechCrunch.
  • Forbes echoed TechCrunch's reporting, adding that the hack affected Android and Windows devices as well as iPhones.
  • Google's initial report said the hack was an indiscriminate attack that used a handful of malicious websites to infect people's phones.
  • For more stories go to www.BusinessInsider.co.za.

A recent massive iPhone hack discovered by Google researchers may have been a campaign to target Uighur Muslims, an oppressed ethnic minority living in China, TechCrunch and Forbes report.

The hack came to light last week, when researchers at Google's cybersecurity wing Project Zero reported they had found a handful of websites which had been secretly injecting spyware into iPhones over the course of two years.

The researchers said in a blog post published Thursday that there was "no target discrimination," and that the hack allowed access to personal messages, images, and real-time location data, an astonishing breadth of information.

Google didn't name the websites or say exactly how many there were, but said that each site received thousands of hits per week.

TechCrunch was the first to report that the sites were part of a state-backed campaign to target Uighur people, citing sources familiar with the matter. Forbes later confirmed this with its own sources, and added that the hack had also affected devices running Google's Android operating system and Microsoft's Windows.

The Uighurs are a mostly Muslim and heavily-surveilled minority living in China's Xinjiang province. Chinese authorities have detained somewhere between 1 and 2 million Uighur people in prison camps, describing it as a counter-terrorism measure.

One source told TechCrunch that some non-Uighur people were inadvertently infected because the websites could be found in Google search, and the FBI asked Google to de-index the websites. The FBI declined to comment when contacted by TechCrunch.

Apple, Google, and Microsoft did not immediately respond to Business Insider's request for comment.

A Microsoft spokesperson said: "Google Project Zero was very specific in its blog post that the recently publicised attacks used unique iPhone exploits and they have not disclosed similar information to us. Microsoft has a strong commitment to investigate reported security issues and, should new information be disclosed, we will take appropriate action as needed to help keep customers protected."

Receive a daily email with all our latest news: click here.

Also from Business Insider South Africa: