Chinese Government Accused Of Apple iCloud Spying

iCloud users in China are reportedly being targeted by a Man in the Middle (MITM) attack when they attempt to log into the cloud service, with the Chinese government suspected of being the perpetrator.

China’s infamous ‘Great Firewall’ routinely blocks websites at various times, but the Great Fire Blog alleges that this is the latest in a series of MITM attacks on popular sites including Github, Google, Yahoo and Microsoft.

The blog claims that users who attempt to reach iCloud are redirected to a fake site, complete with a self-signed SSL certificate that could trick older, insecure web browsers into thinking it’s the real deal.

Chinese iCloud hack

Modern browsers like Chrome and Firefox will immediately reject self-signed certificates, but popular Chinese browsers, such as the ironically-named ‘306 Secure Browser’ will not. This means many web users will be tricked into entering their log-in details and revealing their credentials to a malicious third party.

It has been suggested that the Chinese government is carrying out the attack in order to gain information on citizens spreading photos, videos and information about pro-democracy protests in Hong Kong in the mainland or to bypass a number of encryption features in the latest version of iOS.

“While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different,” says the Great Fire Blog. “If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities.

“Many Apple customers use iCloud to store their personal information, including iMessages, photos and contacts. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.”

Apple in China

The attack raises fresh questions about the security of iCloud following the recent hack of a number of celebrities’ accounts, although it’s important to note that both attacks have used social engineering techniques and have not exploited a technical flaw in iCloud.

In a bid to ease user concerns over US state surveillance programmes, iOS 8 encrypts personal data to the point that not even Apple would be able to access a device without the passcode. However this has also impacted any ability the Chinese government might have to snoop on its own citizens and it was thought that the iPhone 6 might even be banned in the country as a result.

It was thought that Apple might alter the version operating system released in China in a bid to appease Beijing, especially since it announced plans to hire a local manager in the country to deal with data requests on users from government, and has partnered with China Telecom to use its data centres to store iCloud data.

But this latest incident suggests this might not be the case and could indicate that Apple’s relationship with China is changing – less than a year after it finally agreed a deal to sell its smartphones in the country.

Earlier this year, the Cupertino-based company was added to a list of foreign firms deemed a security risk to the government, meaning Apple products could not be bought for government use.

Apple had not responded to TechWeekEurope‘s requests for comment at the time of publication.

Know the Chinese market? Try our China Tech Quiz!