GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.
The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.
Chinese iCloud users attempting to log in with Firefox and Chrome browsers would have been alerted to the fraudulent certificate. However, those using Mac OS X’s built-in iCloud login or another browser may not have been aware of the rerouting, and their iCloud credentials would have been immediately compromised. Using two-step verification would prevent the hijacking of compromised accounts.
(Score: 0) by Anonymous Coward on Tuesday October 21 2014, @11:47PM
Is underpaid Chinese labor THAT important to Apple that they can't just threaten to remove their factories from China in response to this?
(Score: 2) by bob_super on Wednesday October 22 2014, @12:23AM
The question is never leaving some place, but arriving at a new one...
Making millions of devices requires a massive infrastructure, which very few other places could provide on short notice. Add the expected retaliation of the chinese government (phone import issues, component availability issues), and very few CEOs would have the balls to do such a move, even with enough billions to buy a country...
None of that would stop the Chinese anyway, so Apple will just semi-formally disapprove, and conduct business as usual....
(Score: 2) by c0lo on Wednesday October 22 2014, @01:56AM
Aren't there less costly responses? Like adjusting the "iCloud client" (or whatever is the thingie called) to detect a fraudulent certificate? Or use an alternate DNS?
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Interesting) by Jeremiah Cornelius on Wednesday October 22 2014, @12:23AM
And after all, the statements are coming from an organization run as an operation by The New America Foundation [sourcewatch.org].
I always trust information produced by shadowy, NGO think-tanks funded by the US Department of State and the usual foundation cohorts who keep NPR safe for corporatocracy. When it was made clear that they were run by Washington Post [truth-out.org] managing alumni, I abandoned care and delighted in the music of the Mighty Wurlitzer [carlbernstein.com].
Look! Eric Schmidt is the chair! Now my mind is at complete ease.
You're betting on the pantomime horse...
(Score: 2) by Nerdfest on Wednesday October 22 2014, @01:39AM
With that and Apple's security record your mind should be completely at ease then.
(Score: 0) by Anonymous Coward on Wednesday October 22 2014, @01:50AM
obviously, you mistrust the US government. can't really blame you. do you trust the chinese government more??? if not, what was the point of your post?
(Score: 2) by Jeremiah Cornelius on Wednesday October 22 2014, @02:52AM
This isn't news. It's SOP in China. Now, being spun for geopolitcal reasons - funded by a government and it's NGO "plausibly deniable" proxies. A government, mind you, who conducts the largest spying on its citizens in all human history.
You're betting on the pantomime horse...
(Score: 0) by Anonymous Coward on Wednesday October 22 2014, @01:48AM
Maybe it's affecting some users but my Chrome or Firefox didnt show anything amiss.
Also it's not just manufacturing Apple is concerned about, it's losing access to one of the biggest markets on the planet.