Chinese Government Accused Of Apple iCloud Spying

iCloud users in China are reportedly being targeted by a Man in the Middle (MITM) attack when they attempt to log into the cloud service, with the Chinese government suspected of being the perpetrator.

China’s infamous ‘Great Firewall’ routinely blocks websites at various times, but the Great Fire Blog alleges that this is the latest in a series of MITM attacks on popular sites including Github, Google, Yahoo and Microsoft.

The blog claims that users who attempt to reach iCloud are redirected to a fake site, complete with a self-signed SSL certificate that could trick older, insecure web browsers into thinking it’s the real deal.

Chinese iCloud hack

Modern browsers like Chrome and Firefox will immediately reject self-signed certificates, but popular Chinese browsers, such as the ironically-named ‘306 Secure Browser’ will not. This means many web users will be tricked into entering their log-in details and revealing their credentials to a malicious third party.

It has been suggested that the Chinese government is carrying out the attack in order to gain information on citizens spreading photos, videos and information about pro-democracy protests in Hong Kong in the mainland or to bypass a number of encryption features in the latest version of iOS.

“While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different,” says the Great Fire Blog. “If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities.

“Many Apple customers use iCloud to store their personal information, including iMessages, photos and contacts. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.”

Apple in China

The attack raises fresh questions about the security of iCloud following the recent hack of a number of celebrities’ accounts, although it’s important to note that both attacks have used social engineering techniques and have not exploited a technical flaw in iCloud.

In a bid to ease user concerns over US state surveillance programmes, iOS 8 encrypts personal data to the point that not even Apple would be able to access a device without the passcode. However this has also impacted any ability the Chinese government might have to snoop on its own citizens and it was thought that the iPhone 6 might even be banned in the country as a result.

It was thought that Apple might alter the version operating system released in China in a bid to appease Beijing, especially since it announced plans to hire a local manager in the country to deal with data requests on users from government, and has partnered with China Telecom to use its data centres to store iCloud data.

But this latest incident suggests this might not be the case and could indicate that Apple’s relationship with China is changing – less than a year after it finally agreed a deal to sell its smartphones in the country.

Earlier this year, the Cupertino-based company was added to a list of foreign firms deemed a security risk to the government, meaning Apple products could not be bought for government use.

Apple had not responded to TechWeekEurope‘s requests for comment at the time of publication.

Know the Chinese market? Try our China Tech Quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

3 mins ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

23 mins ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

1 hour ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

17 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

18 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

19 hours ago