China attacks lead Apple to alert users on iCloud threats

iCloud logo
Image: Apple

Print

PrintPrint
Life

Read More:

22 October 2014 | 0

Apple has warned users about attacks on its iCloud website, after monitoring groups alleged that China had tried to intercept customer information from the service.

Although China was not named, Apple said it was “aware of intermittent organised network attacks” on its iCloud service that were designed to obtain user information, according to a company support page.

Apple said the iCloud servers are still secure but advised customers accessing the service to always verify that they’ve connected to an authentic iCloud website via a trusted browser.

Starting over the weekend, visits to Apple’s iCloud site in China began returning an invalid digital certificate, a sign that the connections had been tampered with using a technique known as ‘man-in-the-middle attack’, according to anti-censorship group GreatFire.org.

Such attacks involve the hacker trying to eavesdrop on the communication by tricking victims into believing they’ve visited a secure website. Once duped, the victim’s activities can be monitored.

GreatFire.org alleged that the Chinese government was behind the attack, as a way to steal username and password information from Apple’s iCloud users. But on Tuesday a spokeswoman with the Chinese Foreign Ministry said the country opposed any form of hacking.

The man-in-the-middle attack on the iCloud service was just one of several in China that have targeted US websites. Starting late last month, visits to Yahoo’s site from the country were also mysteriously returning invalid digital certificates.

Both Apple and Yahoo have declined comment.

The attack on the iCloud service came just after Apple began officially selling its iPhone 6 in mainland China. Before it launched, Apple had increased the security on its iOS software, following a request from a Chinese regulator.

Mainland China, Hong Kong and Taiwan represents Apple’s second biggest market behind the US On Tuesday, GreatFire.org said Apple had changed its domain name system in China to avoid the attack.

IDG News Service

Read More:



Leave a Reply

Back to Top ↑