Google last week disclosed the details of an incredibly sophisticated campaign to attack iPhones and steal vast amounts of personal, uniquely identifying data over the course of several years. The company only said at the time that iPhones were affected, and that it notified Apple privately of the vulnerabilities in February this year. Apple then patched the vulnerabilities within days of being made aware of them. However it has now come to light that the attacks were reportedly carried out by the Chinese government specifically to target the minority Uighur ethnic group, and that Android and Windows-based devices have also been affected.
As disclosed by Google in a lengthy blog post, the attacks were carried out using maliciously altered websites. Users visiting these websites with an iPhone were automatically infected and personal data including passwords, photos, text messages, and GPS coordinates was compromised, according to Google. The company has not stated whether it was aware of similar attacks against its own Android mobile operating system and Windows-based PCs over that same duration.
Google described its findings as evidence of "a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years" though it did not identify either the attacker or targeted victims.
TechCrunch and Forbes have reported that it was the Chinese government targeting the Uighur ethnic group, and that many others have been caught up in the attack simply by having visited the same websites, which infect devices indiscriminately.
Techcrunch further cites an anonymous source who says that the US FBI has opened an investigation of its own into the attacks and has contacted Google to delist the affected websites from its index to prevent further spread. It is still not clear which websites were affected and how many people have been infected in total.
Microsoft said in a statement to Forbes that Google has not notified it of any such findings, in the way that it says it reported them to Apple. Google has not yet acknowledged reports of Android also being targeted. Apple has also not released any statement or comment on the disclosures.