Apple on Alert Following China Hack on iCloud

Apple on Alert Following China Hack on iCloud

The Chinese authorities are now staging a man-in-the-middle (MITM) attack on Apple's iCloud according to the independent Chinese censorship-monitoring tech site Great Fire. However, unlike the recent attack on Google, this attack is nationwide and coincides with the launch in China of the newest iPhone. While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, Great Fire says the Apple attack is different. This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, and other personal data. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland, the site adds.

Michael Sutton, vice president for threat research at Zscaler, in a report by the New York Times, explains the how and why for the attack. Said he: "All signs point to the Chinese government's involvement. Evidence suggests this attack originated in the core backbone of the Chinese Internet and would be hard to pull off if it was not done by a central authority like the Chinese government. The Chinese government could no longer sniff traffic, so they intercepted that traffic between the browser and the iCloud server. As more sites move to encryption by default - which prevents the censorship authorities from selectively blocking access to content - the Chinese authorities will grow increasingly frustrated with their ability to censor that content. In some ways their hands are being forced. They can attempt these man-in-the-middle attacks or choose to outright block access to these sites. The more sites they block, the more they cut off the Chinese populace from the global Internet." China of course denies backing the iCloud hacking according to BBC.

Either way, to avoid man-in-the-middle type attacks like those now being staged in China, Apple has just now released an updated 'iCloud security support document' with detailed instructions on how to verify whether users are connected to the authentic iCloud website by checking the contents of the digital certificate that display on Safari, Chrome, and Firefox web browsers. In the release of the security update, Apple said it "is deeply committed to protecting our customers' privacy and security. We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser."

 

 

Tags : apple icloud apple icloud leaked apple icloud breach apple icloud hack pictures. apple icloud photos apple icloud celebrities apple icloud celebrity photos apple i cloud apple i cloud leak apple i cloud hack apple i cloud celebrity apple i cloud leaked images apple icloud apple icloud leaked apple icloud breach apple icloud hack pictures. apple icloud photos apple icloud celebrities apple icloud celebrity photos apple i cloud apple i cloud leak apple i cloud hack apple i cloud celebrity apple i cloud leaked images