China hit up Apple iCloud but not for data storage, claims censorship monitor
China is being accused of playing a role in a hack on Apple's Chinese iCloud service that featured an attack to obtain user credentials, photos, messages, contacts and other sensitive information.
Censorship monitor GreatFire blew the whistle on the "man in the middle" (MITM) attack launched on Apple's Chinese servers.
As the term implies, an MITM attack spoofs a private connection and siphons off information from users unwittingly transmitting data through a third party en route to a secure site. Perpetrators of MITM attacks spoof digital certificates, which can mislead users into thinking a connection to a server is secure.
"If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities," states GreatFire.
GreatFire speculates the iCloud attacks were a response to the release of the new iPhone 6 handset in mainland China. The iPhone 6's almost impenetrable encryption may have prompted the Chinese government to take another approach to monitoring users of the smartphones, states GreatFire.
"When details of the new iPhone were announced, we felt that perhaps that the Chinese authorities would not allow the phone to be sold on the mainland," says GreatFire. "Ironically, Apple increased the encryption aspects on the phone allegedly to prevent snooping from the NSA. However, this increased encryption would also prevent the Chinese authorities from snooping on Apple user data."
China is "resolutely opposed to hacking," said the country's foreign ministry spokesperson at a news briefing, while a China Telekom spokesperson called GreatFire's allegations "untrue and unfounded."
Apple acknowledge the attack launched against its Chinese servers and restated its commitment to the security of customer's data but maintains the hacks didn't compromise any data.
"We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously," states Apple. "These attacks don't compromise iCloud servers, and they don't impact iCloud sign-in on iOS devices or Macs running OS X Yosemite using the Safari browser."
The attack on iOS users in China comes just weeks after a piece of malicious code made the rare move from Android to Apple's mobile devices. The mobile remote access Trojan was said to have initially targeted Hong Kong protesters, though the security firm that spotted the malware says the perpetrators behind the software could have bigger plans.
"Although it shows initial signs of being a targeted attack on Chinese protesters, the full extent of how Xsser mRAT is being used is anyone's guess," says Lacoon Mobile Security. "It can cross borders easily, and is possibly being operated by a Chinese-speaking entity to spy on individuals, foreign companies, or even entire governments."