Last week’s iPhone hack may have been wider than first thought to also affect Android and Windows devices, according to reports.
Sources speaking to Forbes have claimed that the attacks, which used malicious websites to install surveillance software onto victim devices, may have been part of a long-running campaign originating from China.
The attacks, discovered by Google security researchers, were reportedly used to target devices used by the Uighur Muslim ethnic group in the country as part of a crackdown by the Chinese state.
Last week’s report from Google’s Project Zero security team uncovered a number of malicious websites were able to hack into a victim’s iPhone without them knowing. Once accessed by clicking on a redirect link, the devices were then infected with malicious software that was able to data such as contact info, media files and even GPS location.
Versions of iPhone software up to and including iOS 12 were affected, with attackers also able to detect what apps the user had installed, hoovering up data from popular services such as Instagram, WhatsApp and Telegram, as well as Google products such as Gmail and Hangouts.
The campaign allegedly utilised Uighur-interest sites to draw in victims from the region, ensuring specific groups of users could be targeted. Uighurs have been targeted by high levels of surveillance from Chinese authorities in recent years, particularly across Xinjiang province, with recent UN figures suggesting more than a million Uighurs have been detained.
Google and Apple have not commented on the reports, which also claim that the attacks were updated over time as different operating systems and new smartphones and PC models were released.
However Microsoft says it has yet to receive any information from Google’s team.
“Google Project Zero was very specific in its blog post that the recently publicized attacks used unique iPhone exploits and they have not disclosed similar information to us,” a Microsoft spokesperson said.
“Microsoft has a strong commitment to investigate reported security issues and, should new information be disclosed, we will take appropriate action as needed to help keep customers protected.”
Google informed Apple of the flaws back in February, with a new release of iOS released soon after correcting the issue.