Stories
Slash Boxes
Comments

SoylentNews is people

posted by azrael on Tuesday October 21 2014, @11:40PM   Printer-friendly
from the less-security-please dept.

GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.

The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.

Chinese iCloud users attempting to log in with Firefox and Chrome browsers would have been alerted to the fraudulent certificate. However, those using Mac OS X’s built-in iCloud login or another browser may not have been aware of the rerouting, and their iCloud credentials would have been immediately compromised. Using two-step verification would prevent the hijacking of compromised accounts.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Tuesday October 21 2014, @11:47PM

    by Anonymous Coward on Tuesday October 21 2014, @11:47PM (#108472)

    Is underpaid Chinese labor THAT important to Apple that they can't just threaten to remove their factories from China in response to this?

    • (Score: 2) by bob_super on Wednesday October 22 2014, @12:23AM

      by bob_super (1357) on Wednesday October 22 2014, @12:23AM (#108479)

      The question is never leaving some place, but arriving at a new one...
      Making millions of devices requires a massive infrastructure, which very few other places could provide on short notice. Add the expected retaliation of the chinese government (phone import issues, component availability issues), and very few CEOs would have the balls to do such a move, even with enough billions to buy a country...

      None of that would stop the Chinese anyway, so Apple will just semi-formally disapprove, and conduct business as usual....

    • (Score: 2) by c0lo on Wednesday October 22 2014, @01:56AM

      by c0lo (156) Subscriber Badge on Wednesday October 22 2014, @01:56AM (#108500) Journal

      Is underpaid Chinese labor THAT important to Apple that they can't just threaten to remove their factories from China in response to this?

      Aren't there less costly responses? Like adjusting the "iCloud client" (or whatever is the thingie called) to detect a fraudulent certificate? Or use an alternate DNS?

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 3, Interesting) by Jeremiah Cornelius on Wednesday October 22 2014, @12:23AM

    by Jeremiah Cornelius (2785) on Wednesday October 22 2014, @12:23AM (#108478) Journal

    And after all, the statements are coming from an organization run as an operation by The New America Foundation [sourcewatch.org].

    I always trust information produced by shadowy, NGO think-tanks funded by the US Department of State and the usual foundation cohorts who keep NPR safe for corporatocracy. When it was made clear that they were run by Washington Post [truth-out.org] managing alumni, I abandoned care and delighted in the music of the Mighty Wurlitzer [carlbernstein.com].

    Look! Eric Schmidt is the chair! Now my mind is at complete ease.

    --
    You're betting on the pantomime horse...
    • (Score: 2) by Nerdfest on Wednesday October 22 2014, @01:39AM

      by Nerdfest (80) on Wednesday October 22 2014, @01:39AM (#108494)

      With that and Apple's security record your mind should be completely at ease then.

    • (Score: 0) by Anonymous Coward on Wednesday October 22 2014, @01:50AM

      by Anonymous Coward on Wednesday October 22 2014, @01:50AM (#108497)

      obviously, you mistrust the US government. can't really blame you. do you trust the chinese government more??? if not, what was the point of your post?

      • (Score: 2) by Jeremiah Cornelius on Wednesday October 22 2014, @02:52AM

        by Jeremiah Cornelius (2785) on Wednesday October 22 2014, @02:52AM (#108513) Journal

        This isn't news. It's SOP in China. Now, being spun for geopolitcal reasons - funded by a government and it's NGO "plausibly deniable" proxies. A government, mind you, who conducts the largest spying on its citizens in all human history.

        --
        You're betting on the pantomime horse...
  • (Score: 0) by Anonymous Coward on Wednesday October 22 2014, @01:48AM

    by Anonymous Coward on Wednesday October 22 2014, @01:48AM (#108496)

    Maybe it's affecting some users but my Chrome or Firefox didnt show anything amiss.

     

    Also it's not just manufacturing Apple is concerned about, it's losing access to one of the biggest markets on the planet.