Stories
Slash Boxes
Comments

SoylentNews is people

posted by azrael on Tuesday October 21 2014, @11:40PM   Printer-friendly
from the less-security-please dept.

GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.

The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.

Chinese iCloud users attempting to log in with Firefox and Chrome browsers would have been alerted to the fraudulent certificate. However, those using Mac OS X’s built-in iCloud login or another browser may not have been aware of the rerouting, and their iCloud credentials would have been immediately compromised. Using two-step verification would prevent the hijacking of compromised accounts.

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Interesting) by Jeremiah Cornelius on Wednesday October 22 2014, @12:23AM

    by Jeremiah Cornelius (2785) on Wednesday October 22 2014, @12:23AM (#108478) Journal

    And after all, the statements are coming from an organization run as an operation by The New America Foundation [sourcewatch.org].

    I always trust information produced by shadowy, NGO think-tanks funded by the US Department of State and the usual foundation cohorts who keep NPR safe for corporatocracy. When it was made clear that they were run by Washington Post [truth-out.org] managing alumni, I abandoned care and delighted in the music of the Mighty Wurlitzer [carlbernstein.com].

    Look! Eric Schmidt is the chair! Now my mind is at complete ease.

    --
    You're betting on the pantomime horse...
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 2) by Nerdfest on Wednesday October 22 2014, @01:39AM

    by Nerdfest (80) on Wednesday October 22 2014, @01:39AM (#108494)

    With that and Apple's security record your mind should be completely at ease then.

  • (Score: 0) by Anonymous Coward on Wednesday October 22 2014, @01:50AM

    by Anonymous Coward on Wednesday October 22 2014, @01:50AM (#108497)

    obviously, you mistrust the US government. can't really blame you. do you trust the chinese government more??? if not, what was the point of your post?

    • (Score: 2) by Jeremiah Cornelius on Wednesday October 22 2014, @02:52AM

      by Jeremiah Cornelius (2785) on Wednesday October 22 2014, @02:52AM (#108513) Journal

      This isn't news. It's SOP in China. Now, being spun for geopolitcal reasons - funded by a government and it's NGO "plausibly deniable" proxies. A government, mind you, who conducts the largest spying on its citizens in all human history.

      --
      You're betting on the pantomime horse...