Stories
Slash Boxes
Comments

SoylentNews is people

Chinese Government Launches Attack Against iCloud

posted by azrael on Tuesday October 21 2014, @11:40PM   Printer-friendly
from the less-security-please dept.

AnonTechie writes:

GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.

The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.

Chinese iCloud users attempting to log in with Firefox and Chrome browsers would have been alerted to the fraudulent certificate. However, those using Mac OS X’s built-in iCloud login or another browser may not have been aware of the rerouting, and their iCloud credentials would have been immediately compromised. Using two-step verification would prevent the hijacking of compromised accounts.

 
This discussion has been archived. No new comments can be posted.
Chinese Government Launches Attack Against iCloud | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Tuesday October 21 2014, @11:47PM

    by Anonymous Coward on Tuesday October 21 2014, @11:47PM (#108472)

    Is underpaid Chinese labor THAT important to Apple that they can't just threaten to remove their factories from China in response to this?

  • (Score: 2) by bob_super on Wednesday October 22 2014, @12:23AM

    by bob_super (1357) on Wednesday October 22 2014, @12:23AM (#108479)

    The question is never leaving some place, but arriving at a new one...
    Making millions of devices requires a massive infrastructure, which very few other places could provide on short notice. Add the expected retaliation of the chinese government (phone import issues, component availability issues), and very few CEOs would have the balls to do such a move, even with enough billions to buy a country...

    None of that would stop the Chinese anyway, so Apple will just semi-formally disapprove, and conduct business as usual....

  • (Score: 2) by c0lo on Wednesday October 22 2014, @01:56AM

    by c0lo (156) on Wednesday October 22 2014, @01:56AM (#108500) Journal

    Is underpaid Chinese labor THAT important to Apple that they can't just threaten to remove their factories from China in response to this?

    Aren't there less costly responses? Like adjusting the "iCloud client" (or whatever is the thingie called) to detect a fraudulent certificate? Or use an alternate DNS?

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0