China has a long-standing policy of censoring the Internet activity of its citizens. Now, the country may have taken it a step further with a new strategy that targets users of Apple's data storage service iCloud.
According to privacy website Greatfire.org, the Chinese government launched a cyber attack aimed at collecting user information and monitoring the Internet activity of iCloud users.
The country's authorities were said to have launched a man-in-the-middle (MITM) attack. This type of security breach usually involves an attacker relaying messages between people and making it appear as if they are communicating through a secure connection. In reality, the hackers make independent connections with the intended victims and are in control of the whole conversation.
"This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc," the report read.
The attack is said to be happening all across China and coincides with the launch of the iPhone 6 in the country.
For the hack to take hold, users would have to ignore a security warning and enter their user information on a fake Apple website. From there, Chinese officials would have unfettered access to their personal files such as photos and messages.
Tight control of Internet access in the country is not out of the ordinary. However, there may be a new threat that has prompted officials to take a closer look at the Internet activity of its citizens. The attack may be related to the pro-democracy protests in Hong Kong.
"This latest MITM attack may be related to the increased security aspects of Apple's new iPhone. When details of the new iPhone were announced, we felt that perhaps the Chinese authorities would not allow the phone to be sold on the mainland," according to the report.
"Ironically, Apple increased the encryption aspects on the phone allegedly to prevent snooping from the NSA. However, this increased encryption would also prevent the Chinese authorities from snooping on Apple user data," it read.
Greatfire.org recommends two methods for keeping accounts secure. Browsers like Firefox and Chrome block user access to iCloud when logging on to a website compromised by an MITM attack. The report also recommends a two-step verification process for the Apple service. This is said to keep iCloud accounts secure even when they have been compromised.