For at least the past two months, Apple Inc. (NASDAQ: AAPL) iPhones and Macs used by visitors to Hong Kong-based media and pro-democracy websites were infected by malware that placed a backdoor entry point on the iPhones and Macs that could later be used to steal data from the infected device.
Wired reported the attacks Thursday after a report from Google’s threat analysis group (TAG) revealed that it notified Apple in late August of the so-called watering hole attack, which Apple quickly patched. A watering hole attack places a piece of malware on a website known to be frequented by members of a group. If the malware succeeds in infecting a single user’s device, the attackers then gain access to the unlucky user’s workplace network.
The object of the attack is neither ransom nor spying on certain individuals:
Rather than a targeted attack that focuses on high-value targets like journalists and dissidents, though, the suspected state-backed group went for scale.
The recent attacks specifically focused on compromising Hong Kong websites “for a media outlet and a prominent pro-democracy labor and political group,” according to the TAG report. It’s unclear how hackers compromised those sites to begin with. But once installed on victim devices, the malware they distributed ran in the background and could download files or exfiltrate data, conduct screen capturing and keylogging, initiate audio recording, and execute other commands. It also made a “fingerprint” of each victims’ device for identification.
The attack was highly sophisticated and “was carefully crafted and ‘seems to be a product of extensive software engineering.'” The director of Google’s TAG team did not speculate about the source of the watering hole attack, but he did tell Wired that “the activity and targeting is consistent with a government-backed actor.”
In October, Apple filed a patent application in Singapore related to “methods of pairing and unpairing drones to controllers,” according to a Thursday report at 9to5Mac. Two more drone-related patent applications turned up Thursday, and both of those are related to controlling unmanned aerial vehicles (UAVs, or drones) within a cellular network.
Since the original filings in Singapore, Apple also has filed the patent applications in the United States. Patently Apple has a detailed explanation of the patent filings and what the patents could be used for.
Also on the patent front, Apple has applied for a patent on a privacy feature that would require special glasses to view the contents of an iPhone screen. The so-called privacy eyewear “blocks people around you from seeing the content on the screen of your device, since the only way to see what’s on the screen is through the glasses.”
Apple’s main iPhone assembler, Hon Hai Technology (aka Foxconn) reported quarterly results Friday morning that beat analysts’ estimates. However, the Taiwanese firm noted that revenue will decline in the current quarter as a result of constrained chip supply.