iCloud users in China are reportedly being targeted by a Man in the Middle (MITM) attack when they attempt to log into the cloud service, with the Chinese government suspected of being the perpetrator.
China’s infamous ‘Great Firewall’ routinely blocks websites at various times, but the Great Fire Blog alleges that this is the latest in a series of MITM attacks on popular sites including Github, Google, Yahoo and Microsoft.
The blog claims that users who attempt to reach iCloud are redirected to a fake site, complete with a self-signed SSL certificate that could trick older, insecure web browsers into thinking it’s the real deal.
It has been suggested that the Chinese government is carrying out the attack in order to gain information on citizens spreading photos, videos and information about pro-democracy protests in Hong Kong in the mainland or to bypass a number of encryption features in the latest version of iOS.
“While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different,” says the Great Fire Blog. “If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities.
“Many Apple customers use iCloud to store their personal information, including iMessages, photos and contacts. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.”
The attack raises fresh questions about the security of iCloud following the recent hack of a number of celebrities’ accounts, although it’s important to note that both attacks have used social engineering techniques and have not exploited a technical flaw in iCloud.
In a bid to ease user concerns over US state surveillance programmes, iOS 8 encrypts personal data to the point that not even Apple would be able to access a device without the passcode. However this has also impacted any ability the Chinese government might have to snoop on its own citizens and it was thought that the iPhone 6 might even be banned in the country as a result.
It was thought that Apple might alter the version operating system released in China in a bid to appease Beijing, especially since it announced plans to hire a local manager in the country to deal with data requests on users from government, and has partnered with China Telecom to use its data centres to store iCloud data.
But this latest incident suggests this might not be the case and could indicate that Apple’s relationship with China is changing – less than a year after it finally agreed a deal to sell its smartphones in the country.
Earlier this year, the Cupertino-based company was added to a list of foreign firms deemed a security risk to the government, meaning Apple products could not be bought for government use.
Apple had not responded to TechWeekEurope‘s requests for comment at the time of publication.
Know the Chinese market? Try our China Tech Quiz!
While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…
Shares in Donald Trump’s social media company rose about 16 percent after first day of…
Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…
More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…
IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…
European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks