Apple iCloud users in China are not safe from hackers, believed to
be working for the Chinese government, who are trying to wiretap Apple
customers in the country.
GreatFire, a reputable non-profit organization that monitors
Internet censorship in China, claimed that the Chinese authorities have
launched a nationwide Man-in-the-Middle (MITM) campaign against users of Apple’s iCloud service, designed to steal users' login credentials and access private data.
MAN-IN-THE-MIDDLE ATTACK
The attacks on the iCloud service were first reported on Saturday and
come as Apple begins the official rollout of its newly launched iPhone 6
and 6 Plus on the Chinese mainland.
Among the less publicized but more dangerous attacks, the Man-in-the-Middle
(MitM) attack is the most common one. With a MitM attack, an
attacker could intercept users’ internet communication, steal
sensitive information and even hijack sessions.
ACCESS TO CREDENTIALS AND ALL PERSONAL DATA
Using a MITM attack, unknown hackers inserted their own website, with a
fake certificate and Domain Name Service address for the iCloud service,
between users and Apple's iCloud server, which allowed them to
intercept data and potentially gain access to passwords, iMessages,
photos and contacts.
Apple’s iCloud uses the SSL security standard to encrypt the
connections between its users and Apple's iCloud server, but the
intruders replaced the company’s SSL certificate with a self-signed
one that deceived Web browsers with false information, allowing the
cyber criminals to decrypt the connections.
The attack on iCloud users in China is an effort to help the government
bypass the enhanced security features of the latest iPhone devices by
compromising their iCloud usernames and passwords and allowing the
authorities to gain access to cloud-stored content such as phone
backups, according to the Chinese Internet freedom advocacy group
GreatFire.org.
GreatFire.org is the same group that previously reported similar attacks
when Beijing apparently launched MITM attacks against GitHub, Google
and, more recently, Yahoo, in what was seen as an attempt to censor
information on the Hong Kong protests.
HOW YOU CAN PROTECT YOURSELF
To protect themselves from a personal data breach, Apple users in
China are advised to visit iCloud.com only via browsers like Chrome and
Firefox, as these browsers will detect the invalid
certificate and flag any MITM attempts.
Using a VPN would get around the problem too, but only if you can use
one safely behind the Great Firewall. Other software, including the
popular Qihoo 360 ‘secure’ browser by Chinese biz Qihoo, will gobble up
the dodgy certificate without warning.
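What strict certificate validation looks like in a client, as an added example that is not from the original article or from GreatFire's published material: a Python probe that applies the same chain and hostname checks a validating browser does and reports a self-signed certificate instead of proceeding. The function names and verdict fields are hypothetical; the numeric codes are OpenSSL's X.509 verification error codes.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* codes raised when chain or name validation fails.
VERIFY_CODES = {
    10: "certificate has expired",
    18: "self-signed certificate (no trusted issuer)",
    19: "self-signed certificate in chain",
    20: "issuer not in the local trust store",
    62: "certificate does not match the hostname",
}

def classify(exc):
    """Turn a failed handshake into a verdict a user or a log line can act on."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        reason = VERIFY_CODES.get(
            code, getattr(exc, "verify_message", "verification failed"))
        return {"trusted": False, "cert_rejected": True,
                "self_signed": code in (18, 19), "code": code, "reason": reason}
    # Timeouts, resets and DNS errors are not certificate verdicts.
    return {"trusted": False, "cert_rejected": False,
            "self_signed": False, "code": None, "reason": str(exc)}

def probe(host, port=443, timeout=5.0):
    """Handshake with chain and hostname checks on; never retry with CERT_NONE."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                org = issuer.get("organizationName", "?")
                return {"trusted": True, "cert_rejected": False,
                        "self_signed": False, "code": 0,
                        "reason": "chain verified, issuer: " + org}
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return classify(exc)

if __name__ == "__main__":
    import sys
    # Hostname is supplied by the operator on the command line.
    print(probe(sys.argv[1]))
```

A verdict with `self_signed` set means the connection must be abandoned, not retried with verification disabled, which is the click-through behaviour described in GreatFire's statement.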
“If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities. Many Apple customers use iCloud to store their personal information, including iMessages, photos, and contacts,” GreatFire said in a blog post. “This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.”
To make users aware of the fake certs, GreatFire.org has also published the connection log, traceroutes, wire capture data, and a copy of the dodgy certificate.
Apple users are also advised to turn on two-step verification on
their iDevices, because using two-step verification would prevent the
hijacking of already compromised accounts.
It isn't clear that the Chinese government is behind the attacks, but they
may be connected to the ongoing political protests taking place in Hong
Kong.
“This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland,” GreatFire.org wrote in its blog post.
When it comes to security, Apple takes it seriously. Apple
has faced a series of embarrassing privacy breaches in the past few months in
which iCloud accounts of high-profile celebrities were accessed by
intruders and some of the celebrities’ nude photos were leaked online by hackers, who posted them on different websites.
Apple had not commented on the report at the time of publication; as
soon as we receive a response from the company, we’ll update the
story.