Chinese authorities allegedly are using a man-in-the-middle attack to harvest Apple ID information from Chinese users visiting Apple's iCloud service, reports web censorship blog Great Fire (via The Verge). A similar attack reportedly targets Microsoft's login.live.com website.
According to Great Fire, Chinese users trying to access iCloud.com are redirected to a fake site that resembles Apple's iCloud website. While some browsers will issue a warning, popular Chinese browser Qihoo gives no indication users are entering their Apple credentials into a dummy site. Users fooled by the site may be putting their personal information at risk as attackers can then use these login details to access contacts, messages and more stored in iCloud.
Great Fire advises Chinese users to switch to a trusted browser such as Firefox and Chrome, which will warn users when they access an illegitimate site. Apple owners also can use a VPN to bypass this redirection and connect directly to iCloud.com. Two-factor authentication may also prevent attackers from accessing an iCloud account using a compromised username and password.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
According to Great Fire, Chinese users trying to access iCloud.com are redirected to a fake site that resembles Apple's iCloud website. While some browsers will issue a warning, popular Chinese browser Qihoo gives no indication users are entering their Apple credentials into a dummy site. Users fooled by the site may be putting their personal information at risk as attackers can then use these login details to access contacts, messages and more stored in iCloud.
This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc. Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone. While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different. If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities.This attack follows the Chinese launch of the new iPhone 6 and 6 Plus and may be related to the encryption options and increased security of Apple's iOS 8. It is possible Chinese authorities are using this hack to penalize Apple for taking extra measures that would prevent the government from snooping on phones.
Great Fire advises Chinese users to switch to a trusted browser such as Firefox and Chrome, which will warn users when they access an illegitimate site. Apple owners also can use a VPN to bypass this redirection and connect directly to iCloud.com. Two-factor authentication may also prevent attackers from accessing an iCloud account using a compromised username and password.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
43 comments
Apple's new high-end modular Mac Pro is set to be released in December, according to a new report from Bloomberg.
The launch timing of the Mac Pro was shared in a report on the new 16-inch...
Apple's upcoming 16-inch MacBook Pro is set to replace the current 15-inch MacBook Pro, which is priced starting at $2,399, according to a new report from Bloomberg.
The new 16-inch...
Apple in late October released a new 13.2 software update for the HomePod with a bunch of new features, but it turned out the update was bricking some HomePods.
Apple addressed the bug in an...
Walmart this week announced a new partnership with Apple, which allows the Walmart Voice Order feature to be used with Siri.
With this option, Apple users can ask Siri to add items to their...
Minecraft Earth, Microsoft's new augmented reality Minecraft game, is now available on iOS and Android devices in the United States.
Microsoft has been testing Minecraft Earth in other...
Former HBO CEO and chairman Richard Plepler is in talks with Apple about an exclusive Apple TV+ production deal, reports Deadline.
Plepler is planning to launch a production company and is...
The iOS 13.3 update that is currently available to developers and public beta testers has a new Safari feature that supports NFC, USB, and Lightning FIDO2-compliant security keys.
This option...
The Facebook for iOS app appears to be accessing the iPhone or iPad's camera in the background when the app is in use, according to multiple reports on Twitter.
The sliver of brown in this...
