iPhone 6 users in China face major threat to security
21 Oct 2014
Users of Apple's newly-released iPhone 6 in China might be faced with a major threat to their security, CBS News reported. The issue was reported first by the web site GreatFire.org, that monitors Chinese censorship.
According to the watchdog site, it appeared to be a nationwide attack on iCloud accounts aimed at making users think they were communicating with Apple when in fact they were not.
Hackers in this case set up a fake website that looked like Apple iCloud. Using the login credentials supplied by the user, the attacker was then able to steal personal information stored in iCloud.
GreatFire.org said in its blog post, the attack was what was known as a "man-in-the-middle" attack, a form of "active eavesdropping" that scooped up personal data of users without their knowledge. It alleged that Chinese authorities were behind the attack.
"This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud," the site states.
GreatFire.org also attributed recent attacks against Google and Yahoo to a Chinese government effort to snoop on what information was being accessed by users.
However, it said in its blog post, "the Apple attack is different. If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities.... This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland."
Meanwhile Sky News reported that attempts to log in to Apple's iCloud in China directed users to a fake website which might be an attempt by the state to harvest passwords.
The country's firewall was blocking all connections to Apple's log-in page and instead directing them to a dummy site that looked virtually identical.
Chrome and Firefox browser users were automatically notified that they were no longer on Apple's website, but users of Chinese browser Qihoo would see no indication of the issue.
According to commentators, if the attack was perpetrated by the Chinese state, it would be the first time it had directly targeted an Apple service.
However, according to web censorship watchdog Great Fire: "Apple has a long history of working with the Chinese authorities to self-censor content in China.
"While we worry for Chinese users who may have their accounts compromised, we are shedding no tears for the Apple executives."