The Chinese government has been accused of backing cyberattacks against Apple's iCloud, initiated in order to steal user credentials.
According to a report from Chinese web monitoring group Greatfire.org, Apple's cloud backup and storage service was attacked by cybercriminals using a man-in-the-middle (MITM) attack, which slots a malicious website in between users and the iCloud server. By disrupting this connection process, Great Fire says that data could potentially be intercepted, which in turn may give hackers access to passwords, messages, photos and contacts.
While iCloud.com uses SSL certificates to establish a secure connection, it is believed that the cybercriminals used self-signed certificates to trick some users, those trying to connect to iCloud with insecure browsers, into thinking they had accessed the service correctly.
"This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc," the group says. "Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone."
The watchdog also implies that recent attacks targeting Apple's iCloud are similar to previous attacks on Google, Yahoo and Microsoft's Hotmail services, and may be state-sponsored.
Great Fire writes:
"While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different. If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities."
The cyberattack follows an announcement by the iPad and iPhone maker that iCloud data for Chinese users will be stored on China Telecom servers. Great Fire speculates that the bid to lift user credentials and potentially steal content may be connected to "images and videos of the Hong Kong protests being shared on the mainland." In addition, this report coincides with the launch of Apple's latest iPhone in China. Great Fire says:
"Apple increased the encryption aspects on the phone allegedly to prevent snooping from the NSA. However, this increased encryption would also prevent the Chinese authorities from snooping on Apple user data. It is unclear if Apple made changes to the iPhones they are selling in mainland China. However, this MITM attack may indicate that there is at least some conflict between the Chinese authorities and Apple over some of the features on the new phone."
Great Fire recommends that Chinese users find an "undisrupted" connection to iCloud, through a VPN if possible, and also enable two-step verification on their iCloud accounts.