Daniel Sinclair @_DanielSinclair, Nov. 25, 2019

"Since at least July 2016, Chinese authorities have been monitoring [Zapya] on some Uighurs’ phone in order to flag users for investigation... Directives in the leaked documents [ordered Uighurs abroad] to be monitored as well."  https://techcrunch.com/2019/11/24/leaked-chinese-government-documents-detail-how-tech-is-used-to-escalate-the-persecution-of-uighurs/ 

This cable trove confirms what was suspected, caught by HRW, & discovered by Project Zero. The Zapya dragnet may be those exact PZ exploits, and that — w/ the FBI the source — adds weight behind the idea that our intelligence community knew. For how long?

"In mid-2017, a group of California cybersecurity analysts reported that hackers had exploited flaws in Zapya, WeChat, and other apps to infiltrate users’ phones and steal private information." That is referring to SpyDealer.  https://www.icij.org/investigations/china-cables/how-china-targets-uighurs-one-by-one-for-using-a-mobile-app/   https://unit42.paloaltonetworks.com/unit42-spydealer-android-trojan-spying-40-apps/ 

What those documents unveil, and what the researchers have discovered and analyzed, is an organized, multi-year compromise of both iOS and Android, and many apps. The public deserves the right to know how & when the FBI discovered it, and whether the attacks reached U.S. shores.

IIRC, Apple provided a comment and denied the existence of a gag order following the publication of this iOS Security letter. But we also now know of the existence of several now-public National Security Letters. What don't we know?
 https://techcrunch.com/2019/07/02/apple-app-government-takedowns/ 
 https://www.apple.com/newsroom/2019/09/a-message-about-ios-security/ 

