After China's previous cyber attacks on Google, Microsoft, Yahoo! and Github, the next target for the country's authorities is Apple's iCloud.
China is currently staging a man-in-the-middle attack on the iCloud. The attack is a form of cyber eavesdropping where the hacker makes several connections between targets, relaying messages between them to make them believe that they are connected directly and privately to each other when the hacker is right between them to intercept data.
The attack was revealed by Greatfire.org, a Chinese web monitoring group that studies the censorship of the Chinese Internet, on its official blog.
Greatfire said that China's attack on Apple was launched in order to extract usernames and passwords, which would then grant access to all the data that is contained within iCloud. Included in this data are iMessages, pictures and contact details, among others.
Unlike China's attack on Google, the attack on the iCloud is staged nationwide and launched on the same day that the newest iPhone is released in the country. The attack also comes several weeks after Apple's announcement that it will begin the storage of iCloud data from users in China on servers by China Telecom.
The attacks on Yahoo! and Google allowed the authorities to determine the specific information that the Chinese authorities were looking to access. However, for the attack on the iCloud, if users would ignore the security warning, enter the Apple website, and input their login credentials, their username and password would likely be compromised.
One of the possible reasons why the Chinese government is launching this attack on iCloud is to prevent the further spread of the pictures and videos taken of the protests currently ongoing in Hong Kong, which are being shared to people living in the mainland.
To counter the attack, Chinese Internet users should first be using trusted browsers, such as Google Chrome and Mozilla Firefox, on their computers and mobile devices. These browsers will prevent users from accessing iCloud when there is a presence of a man-in-the-middle attack. The popular Chinese 360 secure browser of Qihoo will, however, directly load the page being attacked.
Users may also use a VPN or a different Internet access point, and could also activate the two-step verification feature for their respective iCloud accounts.
Independent cybersecurity experts that were consulted by Reuters confirmed the veracity of Greatfire.org's report.
"All the evidence I've seen would support that this is a real attack," said F-Secure chief research officer Mikko Hypponnen. "The Chinese government is directly attacking Chinese users of Apple's products."
