After attack on Chinese iCloud users, Apple issues browser security notice

Apple has provided a lesson in browser security after hackers hijacked connections to iCloud.com in China.


Apple has warned iCloud users what to guard against in order to avoid having their account credentials hijacked in an attack similar to the one that hit Chinese users recently.

Earlier this week, Chinese activist group greatfire.org accused the Chinese government of running a man-in-the-middle attack on iCloud users in the country, after discovering that an IP address that iCloud.com's DNS pointed to had been hijacked to redirect visitors to a bogus site.

The risk to users was that they exposed their usernames and passwords to whoever was behind the bogus iCloud site — that is, if they missed the warning shown by popular browsers including Internet Explorer, Chrome, Firefox, and Safari.

As ZDNet's Larry Seltzer highlighted yesterday, connections to iCloud.com are protected by SSL/TLS encryption. That connection is established with a certificate issued by a trusted certificate authority, while a fake iCloud.com certificate would be signed by the attacker. The public key cryptography checks performed by the browser will detect that the fake certificate was not signed by a trusted certificate authority, and each browser displays the resulting warning differently.

An Apple support note updated in the wake of the report reminds users of exactly that, and includes images of what Safari, Firefox and Chrome should look like when a connection is being made to the authentic iCloud, as well as what they look like when one is being made to a bogus site. It also provides steps for each browser to confirm certificate information and ensure that a connection is secure.

Given the general nature of the threat, Apple doesn't explicitly mention China. However, the note has been published in both English and Chinese, and acknowledges that the company is "aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously".

As Apple has stated numerous times recently, the company is "deeply committed to protecting our customers' privacy and security". The note also hammers home the message that "these attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser".

Responding to Greatfire's allegations, a spokeswoman for China's foreign ministry yesterday told media the government was "resolutely opposed" to hacking, while state-owned telecoms provider China Telecom said the accusation was "untrue and unfounded". The carrier might be suspected because the easiest way to pull off the type of attack described is with inside access to an ISP.

According to Greatfire, the Chinese browser Qihoo 360 would not have flagged the bogus site to users. The attacks coincided with Apple's launch of the iPhone 6 and 6 Plus in China.

In July, Apple responded to a series of reports on Chinese state-owned TV network CCTV that claimed the iPhone posed a threat to state secrets and user privacy due to its frequent locations feature. In that case, Apple tactfully thanked CCTV for raising awareness about privacy and denied location data was being transmitted to its servers.
