Apple Protects Chinese Citizens from the Government Attacking Their Security
Reports have been circulating about a massive piracy attack on iCloud. It is being alleged that hackers and Chinese authorities were deploying man-in-the-middle(MITM) attacks in order to compromise Apple ID’s from Chinese users that visited Apple’s iCloud website.
The latest report by the Wall Street Journal suggests that Apple has officially confirmed that it is aware of the organized attacks on its iCloud users, however their own servers have not been compromised.
“Apple is deeply committed to ‘protecting our customers privacy and security. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser”.
Apple has come out with a support document that clearly specifies the importance of digital certificates, advising users who come across an invalid certificate alert in their web browser while visiting iCloud. The company has also issued guidelines as to how users can verify that their web browser is connected to iCloud and not a fake third party MITM website.
Apple has asked its users to make sure the green lock icon is visible and see the following message “Safari is using an encrypted connection to www.iCloud.com” when the lock icon is clicked.
But the main problem lies in the fact that users are not using secure browsers to access their cloud storage. A report indicates that many users in China access the Internet via a popular Chinese browser named Qihoo. It does not alert users when a fake site is getting their information, it rather redirects Chinese users to a fake website identical to the iCloud website. Users who eventually log into the fake site inadverently give the attackers their login and passwords that can be used to access personal information.
Chinese authorities are suspected to be a part of this attack. According to CNBC, a spokeswoman for China’s Foreign Ministry said that Beijing was “resolutely opposed” to hacking.
Chinese users are being advised to switch to secure browsers like Chrome or Firefox, or use a VPN to bypass the redirection and log in directly to iCloud. Two factor authentication is also required to be turned on as it restricts unauthorized users from logging into an iCloud account even when a username and password is compromised.