China accused of launching ‘man-in-the-middle’ attack on iCloud users

21 Oct 2014

China has been accused of launching ‘man-in-the-middle’ attacks on iCloud users to access usernames, passwords and iCloud data, such as iMessages, photos, contacts and more.

Great Fire, a non-profit organisation that monitors internet censorship in China, said the attacks – timed to coincide with the launch of iPhone 6 and iPhone 6 Plus in China this week, follows a series of similar attacks on users of Github, Google, Yahoo and Microsoft.

Man-in-the-middle attacks (MITM) are a form of eavesdropping where by victims believe they are communicating with the service of choice, in this case iCloud, when in fact the entire conversation is controlled by the attacker.

“Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone,” Great Fire explained.

“While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different.

“If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities.

“Many Apple customers use iCloud to store their personal information, including iMessages, photos and contacts. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland,” Great Fire warned.

An attack timed to coincide with launch of new iPhone in China?

To prevent Chinese iPhone and iPad users falling victim to the man-in-the-middle attacks, Great Fire urged users to ensure they have a trusted browser like Firefox or Chrome on their desktops and mobile devices.

Great Fire said Qihoo’s popular Chinese 360 secure browser is anything but secure.

“This latest MITM attack may be related to the increased security aspects of Apple’s new iPhone.

“When details of the new iPhone were announced, we felt that perhaps that the Chinese authorities would not allow the phone to be sold on the mainland. Ironically, Apple increased the encryption aspects on the phone allegedly to prevent snooping from the NSA.

“However, this increased encryption would also prevent the Chinese authorities from snooping on Apple user data. It is unclear if Apple made changes to the iPhones they are selling in mainland China.

“However, this MITM attack may indicate that there is at least some conflict between the Chinese authorities and Apple over some of the features on the new phone,” Great Fire warned.

China security image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years