
China is ALREADY spying on Apple iCloud users, claims watchdog

Attack harvests users' info at iPhone 6 launch

Last week Apple CEO Tim Cook was very happy that the iPhone 6 is at last going on sale in China. But it seems the Chinese government has its own plans for owners of the new device.

According to censorship watchdog Greatfire.org, Chinese state hackers began staging a massive man-in-the-middle attack against Apple iCloud.com users to coincide with the smartphone's launch.

It's reported that people in China who try to log into iCloud.com's server at 23.59.94.46 will have their connections intercepted and snooped on, revealing passwords and other sensitive information to hackers. iCloud uses SSL to encrypt these connections, but Apple's SSL certificate is swapped by the eavesdroppers for a self-signed one, allowing the miscreants to decrypt the in-transit data.

Competent browsers, such as Firefox and Chrome, will detect the inappropriate certificate and alert users to the cyber-skulduggery. But other software, such as the popular 360 Secure Browser by Chinese biz Qihoo, will gobble up the dodgy cert without warning.
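What the browsers' check amounts to on the client side, as an added Python example that is not code from Greatfire.org or this article: the handshake is validated against the system trust store and the hostname, a failure is classified by its OpenSSL verify code, and an optional fingerprint pin is compared. The function names and the pin parameter are hypothetical; any pin value is assumed to be supplied by the operator from a trusted source.

```python
import hashlib
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* codes that a substituted certificate typically triggers.
SUSPICIOUS = {
    18: "self-signed leaf certificate",
    19: "self-signed certificate in chain",
    20: "issuer not in local trust store",
    62: "certificate does not match hostname",
}


def classify(exc):
    """Map a verification failure to (is_possible_interception, reason)."""
    code = getattr(exc, "verify_code", None)
    if code in SUSPICIOUS:
        return True, SUSPICIOUS[code]
    return False, getattr(exc, "verify_message", None) or str(exc)


def pin_matches(der_cert, pinned_sha256_hex):
    """Compare the SHA-256 of the presented DER certificate with a pin."""
    got = hashlib.sha256(der_cert).hexdigest()
    return got == pinned_sha256_hex.replace(":", "").lower()


def check_server(host, port=443, pinned_sha256_hex=None, timeout=5.0):
    """Handshake with full validation; never fall back to CERT_NONE."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)
    except ssl.SSLCertVerificationError as exc:
        suspicious, reason = classify(exc)
        return {"ok": False, "suspicious": suspicious, "reason": reason}
    if pinned_sha256_hex and not pin_matches(der, pinned_sha256_hex):
        return {"ok": False, "suspicious": True, "reason": "pin mismatch"}
    return {"ok": True, "suspicious": False, "reason": "chain and name valid"}


if __name__ == "__main__" and len(sys.argv) > 1:
    print(check_server(sys.argv[1]))
```

Software that accepts the swapped certificate silently is, in effect, skipping the validation step that `ssl.create_default_context()` enforces here.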

Greatfire.org has published the connection log, traceroutes, wire capture data, and a copy of the dodgy certificate. Apple has no comment on the report at time of publication.

While the attack is only ongoing against one IP address so far, the group recommends Firefox or Chrome for accessing the iCloud website, which should detect the redirection. Using a VPN would get around the problem too, but only if you can use one safely behind the Great Firewall.

The attack may be part of an ongoing attempt to block news of student protests in Hong Kong calling for greater democracy. In July the group noted blocks on Yahoo!'s Flickr and Microsoft's OneDrive cloud storage to coincide with the first pro-democracy rallies, as well as a bar on Google searches for Tiananmen Square tidings in June.

"This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc," the group said.

"Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone."

If true, the attack would represent something of a belt-and-braces approach to monitoring iCloud users. Apple has already agreed to host its iCloud servers with China Telecom, a company not noted for noncompliance with Chinese government data requests.

The Chinese government held up the sale of the new iPhone 6 handsets, ostensibly over security concerns that the smartphones could be surveillance tools for the NSA. Apple assuaged those fears, and got clearance to go to market.

But early reports show a marked reduction in demand for Apple's high-priced iPhone (although it has been a boon for the tailoring industry) and instead Chinese buyers are focusing on Xiaomi and other locally produced handsets. ®
