According to report by Greatfire.org, Chinese authorities are staging a man-in-the-middle (MITM) attack on Apple’s iCloud, having previously succeeded in similar attacks on Github, Google, Yahoo and Microsoft. Those who aren’t aware, a MITM attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them falsely believe that they are talking directly over a private connection.
The malicious attack aims to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc. Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone. The source notes that while the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, “the Apple attack is different”.
“If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities. Many Apple customers use iCloud to store their personal information, including iMessages, photos and contacts. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.
What should users do to counteract this attack? Internet users in China should first use a trusted browser on their desktops and mobile devices – Firefox and Chrome will both prevent users from accessing iCloud.com when they are trying to access a site that is suffering from a MITM attack. Qihoo’s popular Chinese 360 secure browser is anything but and will load the MITMed page directly.”
We strongly advise that all users should also enable two-step verification for their iCloud accounts. This will protect iCloud accounts from attackers even if the account password is compromised.