Apple iCloud users in China are not safe from the hackers — believed to be working for Chinese government — who are trying to wiretap Apple customers in the country.
Great Fire, a reputed non-profit organization that monitors Internet censorship in China, claimed that the Chinese authorities have launched a nationwide Man in the Middle (MITM) campaign against users of Apple’s iCloud service, designed to steal users' login credentials and access private data.
The attacks on the iCloud service was first reported on Saturday and come as Apple begins the official rollout of its latest launched iPhone 6 and 6 Plus on the Chinese mainland.
If we talk about less publicized but more danger, Man-in-the-Middle (MitM) attack is the most common one. By attempting MitM attack, a potential attacker could intercept users’ internet communication, steal sensitive information and even hijack sessions.
ACCESS TO CREDENTIALS AND ALL PERSONAL DATA
Using MITM attack, unknown hackers insinuated their own website, with fake certificate and Domain Name Service address for the iCloud service, between users and Apple's iCloud server, which allowed them to intercept data and potentially gain access to passwords, iMessages, photos and contacts.
However, Apple’s iCloud uses SSL security standard to encrypt the connections between its users and Apple's iCloud server, but the company’s SSL certificate is replaced by the intruders for a self-signed one that deceived Web browsers with false information, allowing the cyber criminals to decrypt the connections.
The attack on iCloud users in China is an effort to help the government bypass the enhanced security features of the latest iPhone devices by compromising their iCloud usernames and passwords and allowing the authorities to gain access to cloud-stored content such as phone backups, according to the Chinese Internet freedom advocacy group GreatFire.org.
GreatFire.org is the same group who previously reported a similar attack when Beijing apparently launched MITM attacks against Github, Google and more recently, Yahoo, in what was seen as an attempt to censor information on the Hong Kong protests.
HOW YOU CAN PROTECT YOURSELF
In order to protect yourself from personal data breach, Apple users in China are advised to visit iCloud.com only via browsers like Chrome and Firefox, as these competent browsers will detect the inappropriate certificate and flag any MITM attempts.
Using a VPN would get around the problem too, but only if you can use one safely behind the Great Firewall. Other softwares — including the popular Qihoo 360 ‘secure’ browser by Chinese biz Qihoo — will gobble up the dodgy certificate without warning.
“If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities. Many Apple customers use iCloud to store their personal information, including iMessages, photos, and contacts,” GreatFire said in a blog post. “This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.”
To aware users of the fake certs, Greatfire.og has also published the connection log, traceroutes, wirecapture data, and a copy of the dodgy certificate. Apple users are also advised to turn on the Two-step authentication on their iDevices, because using two-step verification would prevent the hijacking of the already compromised accounts.
It isn't clear that the Chinese government is behind the attacks, but it may be connected to the ongoing political protests taking place in Hong Kong.
“This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland,” Greatfire.org wrote in its blog post.
When it comes to security, Apple takes their security seriously. Apple faced series of embarrassing privacy breaches in past few months in which icloud accounts of high-profile celebrities were accessed by the intruders and some of the celebrities’ nude photos were leaked online by hackers, who posted them on different websites.
Apple has not commented on the report at time of publication, but as soon as any response from the company will be received, we’ll update the story.