The Chinese government authorities have been reported to attack users connecting to Apple’s iCloud website in a surveillance push to steal login credentials of device owners.
Greatfire.org informed Chinese state hackers conducted a massive man-in-the-middle attack campaign against Apple iCloud.com users to coincide with the launch of the smartphone.
The attack was first reported on Saturday (less than 24 hours after iPhone 6 went on sale). Connections to iCloud.com were hijacked and stripped of the usual encryption that prevents government spies and hackers in general from intercepting the credentials typed by a user connecting to the site.
People logging into iCloud’s server at 126.96.36.199 IP address had connections snooped on; Apple’s SSL certificate was swapped by attackers for a self-signed one, allowing them to decrypt in-transit data.
The man-in-the-middle attack enables attackers to intercept a connection between a user and a site to tamper or steal the data being exchanged. China has already been accused of conducting these attacks against Google, Github and Yahoo, some of which were seen as attempts to censor information.
Browsers such as Firefox and Chrome will detect the injection of invalid certificate and alert users to the vulnerability of being attacked. But popular browsers in China such as 360 Secure Browser by Chinese company Qihoo, will take the dodgy certificate without any warning.
GreatFire published more details about the attack in a blog post.
“This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc,” the group said. “Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone.”
Telecom providers or the government are the most likely source of these attacks. And it indicates that China is ready to censor the internet further. Apple has also agreed to host its iCloud servers with China Telecom: a telco service provider not noted for non-compliance with data requests made by the Chinese government.
Unlike the iCloud celebrity scandal in the US, this problem can’t be blamed on Apple, though it can raise questions about the company’s willingness to do business with entities that can easily breach security. Ironically, Apple has been previously accused of spying within China. The Chinese media made accusations of Apple utilising both Find My iPhone function and iCloud to spy on its citizens, and Apple has also been forced to move iCloud to state-run-servers as mentioned above.
Protecting yourself against the attack
There are some steps you can take to protect yourself against the man-in-the-middle attacks, such as:
• Accessing iCloud via secured browsers: Users are advised to access iCloud.com with browsers that are able to give a heads up on such attacks, such as FireFox or Chrome. In China, users can resort to VPN.
• Enable two-factor authentication: This is one of the best ways to prevent unauthorised access. It involves a password being entered for the account, followed by an SMS code that is sent to the user’s device. This needs to be entered as a second step to access the account, so unless a hacker has physical access to the device, the account won’t be accessible. To enable two-factor authentication, login to your Apple ID > select ‘Manage your Apple ID and sign in’ > select ‘Password and Security’ > under ‘two-step verification, select ‘Get Started’ and follow instructions.
• Use secure connection plugins: Browser plugins like ForceTLS and HTTPS Everywhere can help users establish a secure connection whenever the option is available.
iCloud users in China and in general should follow these best practices to minimise the chances of being spied.