23. May 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

In 2019, Apple aimed to reassure its customers when it revealed in a blog post that it had fixed a security flaw in its iOS operating system. According to Apple, the exploited vulnerability was “narrowly focused” on websites with data relevant to the Uyghur community. 

It has since been revealed that the flaw in question was found at China’s leading hacking competition, the Tianfu Cup, where a skilled hacker was rewarded for his efforts. The standard procedure would be to notify Apple of the flaw. However, it is said that the violation was kept hidden, with the Chinese government obtaining it to spy on the country’s Muslim minority. 

Hacking competitions are a well-established method for technology companies like Apple to identify and address security flaws in their software. However, with state-sponsored hacking on the rise, the possibility that the Tianfu Cup is providing Beijing with new surveillance tools is worrying, particularly given how Chinese competitors have long dominated international hacking competitions. 

When software is compromised, it’s usually because an attacker discovered and exploited a cybersecurity flaw that the software provider was unaware of. Finding these flaws before they’re discovered by cybercriminals or state-sponsored hackers will save tech firms a lot of money. Until 2017, Chinese hackers took home a large percentage of the Pwn2Own awards. However, after a Chinese billionaire argued that Chinese hackers should “stay in China” because their work is strategic, Beijing replied by prohibiting Chinese people from participating in international hacking competitions.