Chinese authorities are attacking users who are connecting to Apple’s iCloud website in what appears to be a surveillance push to steal users’ login credentials, according to a Chinese censorship monitoring group.
In the attack, which was first reported over the weekend, less than 24 hours after the new iPhone 6 went on sale in China, connections to iCloud.com were hijacked and stripped of the usual encryption that prevents hackers and government spies from intercepting the username and password typed by someone connecting to the site.
This is another example of what is technically known as a “man-in-the-middle” (MITM) attack, in which an attacker intercepts a connection between a user and a website in order to steal or tamper with the data being exchanged. In the past year alone, China has been accused of intercepting connections with a MITM attack against Github, Google, and, more recently, Yahoo, in what was seen as an attempt to censor information on the Hong Kong protests.
After several users reported the attack online, the anti-Chinese censorship activist group GreatFire tweeted about the MITM attack on Saturday. The group later published more details in a blog post on Monday. Continue reading →