ReutersSep 25, 2019 07:15:21 IST
By Joseph Menn
SAN FRANCISCO (Reuters) - Sophisticated Chinese hackers who used a previously unknown iPhone security flaw to target ethnic minority Uighurs also went after Tibetans in exile, according to a report published on Tuesday.
It was the first detected use of malicious software against exiled Tibetans that required only a single click on a mobile device to work, said Citizen Lab, a Canada-based academic research group.
Citing the technical similarities in the attacks and ones uncovered by U.S. tech firms against Uighurs, the report suggested that forces likely working with the Chinese government may be upgrading their surveillance efforts against key minorities more broadly. The Tibetans are protesting Chinese rule of the mountainous region inside China.
China's foreign ministry and the Cyberspace Administration of China did not immediately respond to requests for comment.
Citizen Lab, based at the University of Toronto, said it had worked with the recently established Tibetan Computer Emergency Readiness Team (TibCERT), a coalition of Tibetan organizations working on digital security, to probe cyber attacks that occurred between November 2018 and May 2019.
In the attacks, people posing as human rights workers or journalists contacted unnamed senior figures in Tibetan groups over Facebook's
Among the groups targeted in November 2018 were the private office of Tibetan spiritual leader the Dalai Lama, the Tibetan Parliament, and human rights organizations, the report said.
Using well-crafted cover stories, the attackers tried to entice the targets to click on links to websites that would have installed spyware on Apple or Android devices, the report said.
Eight of the 15 Tibetans known to have received the tainted links recalled clicking on them to open them, the researchers said. All their devices were protected by patches that had been issued for the security flaws, but the researchers followed the links themselves to determine what would have happened.
Citizen Lab said the spyware aimed at the Tibetans had also been used to target Uighurs, a mostly Muslim minority group considered a possible security threat by Beijing, in two campaigns revealed in the past month. One was discovered by Google
An Apple spokesman said the company had consulted with Citizen Lab and confirmed that the attack tools would not have worked against the Tibetan targets who had updated their iPhones.
"We always encourage customers to download the latest version of iOS for the best and most current security enhancements," said spokesman Todd Wilder.
China is facing growing international criticism over its treatment of Uighurs in Xinjiang. It has repeatedly denied involvement in cyber attacks or any mistreatment of the Uighur people.
Although lead Citizen Lab researcher Bill Marczak said Citizen Lab found "a very clear nexus with China," he acknowledged that "it doesn't automatically mean it's the government, it's kind of hard to say from a technical point of view."
Lobsang Gyatso, secretary of TibCERT, said that the group would use the report to spread awareness of hacking tactics and promote better defence.
(Reporting by Joseph Menn; editing by Darren Schuettler and Rosalba O'Brien)
This story has not been edited by Firstpost staff and is generated by auto-feed.
Welcome to Tech2 Innovate, India’s most definitive youth festival celebrating innovation is being held at GMR Grounds, Aerocity Phase 2, on 14th and 15th February 2020. Come and experience an amalgamation of tech, gadgets, automobiles, music, technology, and pop culture along with the who’s who of the online world. Book your tickets now.