SAN FRANCISCO (Reuters) - Chinese hackers who used a previously unknown iPhone security flaw to target ethnic minority Uighurs also went after Tibetans in exile, according to a report published on Tuesday.
It was the first detected use of malicious software against exiled Tibetans that required only a single click on a mobile device to work, said Citizen Lab, a Canada-based academic research group.
Citing the technical similarities in the attacks and ones uncovered by U.S. tech firms against Uighurs, the report suggested that forces likely working with the Chinese government may be upgrading their surveillance efforts against key minorities more broadly. The Tibetans are protesting Chinese rule of the mountainous region inside China.
Asked in Beijing about the report, Chinese Foreign Ministry spokesman Geng Shuang said China resolutely opposed and cracked down on any form of internet attacks, and that any accusations needed to be backed up by cast-iron proof.
Citizen Lab, based at the University of Toronto, said it had worked with the recently established Tibetan Computer Emergency Readiness Team (TibCERT), a coalition of Tibetan organizations working on digital security, to probe cyber attacks that occurred between November 2018 and May 2019.
In the attacks, people posing as human rights workers or journalists contacted unnamed senior figures in Tibetan groups over Facebook’s WhatsApp messaging service, according to screenshots featuring their phone numbers posted in the Citizen Lab report. Reuters was not able to independently confirm the authenticity of the screenshots or details of the report.
Among the groups targeted in November 2018 were the private office of Tibetan spiritual leader the Dalai Lama, the Tibetan Parliament, and human rights organizations, the report said.
Using well-crafted cover stories, the attackers tried to entice the targets to click on links to websites that would have installed spyware on Apple or Android devices, the report said.
Eight of the 15 Tibetans known to have received the tainted links recalled clicking on them to open them, the researchers said. All their devices were protected by patches that had been issued for the security flaws, but the researchers followed the links themselves to determine what would have happened.
Citizen Lab said the spyware aimed at the Tibetans had also been used to target Uighurs, a mostly Muslim minority group considered a possible security threat by Beijing, in two campaigns revealed in the past month. One was discovered by Google, and another by security company Volexity.
An Apple spokesman said the company had consulted with Citizen Lab and confirmed that the attack tools would not have worked against the Tibetan targets who had updated their iPhones.
“We always encourage customers to download the latest version of iOS for the best and most current security enhancements,” said spokesman Todd Wilder.
China is facing growing international criticism over its treatment of Uighurs in Xinjiang. It has repeatedly denied involvement in cyber attacks or any mistreatment of the Uighur people.
Although lead Citizen Lab researcher Bill Marczak said Citizen Lab found “a very clear nexus with China,” he acknowledged that “it doesn’t automatically mean it’s the government, it’s kind of hard to say from a technical point of view.”
Lobsang Gyatso, secretary of TibCERT, said that the group would use the report to spread awareness of hacking tactics and promote better defense.
Reporting by Joseph Menn; Additional reporting by Ben Blanchard in Beijing; editing by Darren Schuettler and Rosalba O'Brien