One of China’s world-class computer hackers compromised all the latest iPhones and won a lot of prize money for doing it. Communist Party spies used it as a weapon against the Uyghur Muslims until Apple discovered and fixed the problem on their own. The shameless exploit was done totally out in the open, knowing there was nothing anyone could do about it. Google researcher Ian Beer is astounded. “I shan’t get into a discussion of whether these exploits cost $1 million, $2 million, or $20 million,” he wrote. “I will instead suggest that all of those price tags seem low for the capability to target and monitor the private activities of entire populations in real time.”
Hacking to win a prize
There is a lot of prize money to be earned by security researchers who want to find the bugs before they get exploited by bad guys. Then there’s the Chinese team. They are the bad guys. They weren’t always, but they are now. The annual Pwn2Own contest draws the best of the world-class coders from every corner of the planet “with the lure of big cash prizes.”
All they have to do is “exploit previously undiscovered software vulnerabilities.” The idea is to turn the security flaws over to the owner so they can fix them before anyone gets attacked. Along with a hefty check comes serious respect in the industry, which leads to big offers and projects. The arrangement is supposed to work for all involved. There’s a problem though. Not everyone wants to play fair.
Chinese hackers have been some of the most successful since the beginning of the Pwn2Own contest, “earning millions of dollars in prizes and establishing themselves among the elite.” Prize money is only part of the deal though.
Things changed after 2017’s 10th anniversary contest in Vancouver. That year, the big targets were Google’s Chrome browser, Microsoft’s Windows operating system, and Apple’s iPhones.
One of China’s best programmers hacked an iPhone to take a huge prize. “Chinese intelligence used it as a weapon” practically overnight. They used it to the hilt while Apple scrambled to close the hole. Zhou Hongyi, the billionaire founder and CEO of cybersecurity leader Qihoo 360, pointed out the obvious.
Once Chinese hackers show off vulnerabilities at overseas competitions, they can “no longer be used.” China can get a lot more mileage from keeping that kind of knowledge “in house.” Xi Jinping grinned from ear to ear and said “sure!” The Chinese weren’t allowed to go to any more foreign hacking contests.
Take over any iPhone
To make up for the missing reward money, Beijing set up their own contest in 2018. The Tianfu Cup offered prizes that added up to over a million dollars. The first top prize went to Qihoo 360 researcher Qixun Zhao, “who showed off a remarkable chain of exploits that allowed him to easily and reliably take control of even the newest and most up-to-date iPhones.”
He could “take over any iPhone that visited a web page” containing his malicious code. He called it “Chaos.” It took two months for Apple, with an assist from the U.S. federal government, to discover and patch the exploit.
Apple quietly fixed the problem, but in August, Google reported on what had happened. It turns out that “a hacking campaign was ‘exploiting iPhones en masse.'”
They were using the Chaos exploit that the Chinese paid prize money for. They didn’t mention that the victims were Uyghur Muslims and the attackers were the Chinese government. Beijing calls it a fight against “terrorism and extremism.” On the other side they call it “systematic compulsory sterilization, organized torture and rape, forced labor, and an unparalleled surveillance effort.”
Eventually, Apple fessed up and admitted that “the targets of the campaign that used the Chaos exploit were the Uyghur people, and the hackers were linked to the Chinese government.”
They also verified that the attack started “immediately after Qixun won the Tianfu Cup” prize and continued “until Apple issued the fix.” This will be the third year for the Tianfu Cup. American officials and security experts “are increasingly concerned about the links between those involved in the competition and the Chinese military.”