Chinese authorities allegedly are using a man-in-the-middle attack to harvest Apple ID information from Chinese users visiting Apple's iCloud service, reports web censorship blog Great Fire (via The Verge). A similar attack reportedly targets Microsoft's login.live.com website.
According to Great Fire, Chinese users trying to access iCloud.com are redirected to a fake site that resembles Apple's iCloud website. While some browsers will issue a warning, popular Chinese browser Qihoo gives no indication users are entering their Apple credentials into a dummy site. Users fooled by the site may be putting their personal information at risk as attackers can then use these login details to access contacts, messages and more stored in iCloud.
This attack follows the Chinese launch of the new iPhone 6 and 6 Plus and may be related to the encryption options and increased security of Apple's iOS 8. It is possible Chinese authorities are using this hack to penalize Apple for taking extra measures that would prevent the government from snooping on phones.
Great Fire advises Chinese users to switch to a trusted browser such as Firefox and Chrome, which will warn users when they access an illegitimate site. Apple owners also can use a VPN to bypass this redirection and connect directly to iCloud.com. Two-factor authentication may also prevent attackers from accessing an iCloud account using a compromised username and password.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Article Link: Chinese Authorities Allegedly Harvesting iCloud Logins Using Redirected Dummy Site
Last edited:
