Apple: Google created ‘false impression’ with iPhone scare
Apple has responded to Google’s Project Zero iPhone security scare storythat appeared scant days before Cupertino introduced a new iPhone – and is throwing shade at the advertising company-cum- smartphone competitor.
‘iOS security is unmatched’
The Google team had made series of claims that were blown out of all proportion by almost everyone, I felt.
In my opinion, the original articulation of these claims also failed to stress some seriously serious facts, such as:
- Multiple operating systems may have been impacted.
- iPhones equipped with A12 processors were immune.
- The problems were already fixed in iOS 12.4.
- The attack was specific, and not global.
(Some of this data was in the original claim, but somewhat obufuscated, speaking as an ordinary man in the street who is not considered an expert in cybersecurity analysis).
I also felt the overall tone was alarmist, even though I reported it, because I care about the security of people who read my stuff.
No one can ignore the timing of these claims, casting shade as they did just before the new iPhone launch in a year that began with Apple declaring its focus on security and privacy at CES.
No surprise Apple chose to cast a little shade of its own…
Apple’s response
Responding to the ads and search company’s claims on September 6 2019, Apple said:
“iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software.” (Italics mine).
“Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe.”
Apple also countered one of the implications in the Google team’s claims.
The research team had implied these attacks had taken place across a period of two years.
Not true, Apple claims:
“All evidence indicates that these website attacks were only operational for a brief period, roughly two months.”
Apple also points out that the attack affected fewer than a dozen websites that focus on content related to the Uighur community.
It also said:
“Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case.”
Speaking once again as an ordinary man in the street, I can only say that when I read Google’s original set of claims I very much got the impression these felt slightly baked, a little one-sided.
I tried to report the story in similar vein, and attempted to provide useful security tips for users who felt fearful of these claims.
I felt very much in a minority when I did.
I wonder if Google just accelerated the moment when Apple makes Duck Duck Go its default search engine?
Here is Apple’s full statement on the matter:
Last week, Google published a blog about vulnerabilities that Apple fixed for iOS users in February. We’ve heard from customers who were concerned by some of the claims, and we want to make sure all of our customers have the facts. First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones “en masse” as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community. Regardless of the scale of the attack, we take the safety and security of all users extremely seriously. Google’s post, issued six months after iOS patches were released, creates the false impression of “mass exploitation” to “monitor the private activities of entire populations in real time,” stoking fear among all iPhone users that their devices had been compromised. This was never the case. Second, all evidence indicates that these website attacks were only operational for a brief period, roughly two months, not “two years” as Google implies. We fixed the vulnerabilities in question in February — working extremely quickly to resolve the issue just 10 days after we learned about it. When Google approached us, we were already in the process of fixing the exploited bugs. Security is a never-ending journey and our customers can be confident we are working for them. iOS security is unmatched because we take end-to-end responsibility for the security of our hardware and software. Our product security teams around the world are constantly iterating to introduce new protections and patch vulnerabilities as soon as they’re found. We will never stop our tireless work to keep our users safe
Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.
Dear reader, this is just to let you know that as an Amazon Associate I earn from qualifying purchases.