Chinese authorities are staging a man-in-the-middle (MITM) attack on Apple’s iCloud after previous attacks on Github, Google, Yahoo and Microsoft.
The man-in-the-middle attack is a form of spying in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking to each other.
According to Great Fire the Chinese are using their Great Firewall security system to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc.
Unlike the recent attack on Google, this attack is nationwide and appears to be after personal data. This may also related to images and videos of the Hong Kong protests being shared on the mainland.
Internet users in China should first use a trusted browser on their desktops and mobile devices. Firefox and Chrome will both prevent users from accessing iCloud.com when they are trying to access a site that is suffering from a MITM attack. Qihoo’s popular Chinese 360 secure browser loads the page without question.
Apple does provide security warnings, but users often ignore these – after all, they believe they are connecting to the Jobs’ Mob site itself and have been told that their software and system is totally secure.
In fact the Tame Apple Press claims that Apple is being targeted because it now offers encryption on the phone, which would keep the spooks out. It is better for the Chinese to steal users’ passwords so they do not have to worry about having to decode the hard-drive.