People trying to use Apple’s online data storage service, known as iCloud, were the target of a new attack that sought to steal users’ passwords and then spy on their activities, according to cybersecurity monitoring groups and security experts on Monday.
In a so-called “man-in-the-middle” attack, the Chinese government allegedly hijacked virtually all connections to iCloud.com from inside the country using a fake certificate.
A day later, Apple appears to have thwarted the operation with a technical fix, though the company has not confirmed whether the change was a direct response to the attacks.
It isn’t clear why this attack took place (and, to be clear, it isn’t certain that the Chinese government is behind it), but it may be connected to the ongoing political protests in Hong Kong. GreatFire speculates that the timing relates to the launch of the iPhone 6 in China, which finally went on sale last week.
Earlier this month, a security firm found evidence of sophisticated iOS malware targeting unlocked iPhones in Hong Kong, while a number of pro-democracy websites were hacked last week. The government has also blocked Instagram.com in China to prevent the spread of images from the protests across the mainland, so there is an argument that trying to compromise iCloud accounts, which hold a bevy of data including photos, messages and more, is another part of its efforts to combat the unrest.
“You think you are getting information directly from Apple, but in fact the authorities are passing information between you and Apple, and snooping on it the whole way,” said a spokesman for an independent censorship-monitoring website, GreatFire, who declined to be named because of fear of reprisal.
Apple on Tuesday acknowledged a network attack, but clarified that its iCloud servers were not breached. On a security webpage, it implied that man-in-the-middle attacks were being used to direct people to fake connections to iCloud.com, making their user names and passwords vulnerable to theft.
On the webpage, Apple explained how people could distinguish an authentic iCloud.com site from a fake one. Basically, users will receive warnings when the browser detects a fake certificate or an untrusted connection. Apple advised people to heed those warnings and avoid signing in.