iGyaan Network

Tag: Apple iCloud

  • Apple Protects Chinese Citizens from the Government Attacking Their Security

    Apple Protects Chinese Citizens from the Government Attacking Their Security

    Reports have been circulating about a massive piracy attack on iCloud. It is being alleged that hackers and Chinese authorities were deploying man-in-the-middle(MITM) attacks in order to compromise Apple ID’s from Chinese users that visited Apple’s iCloud website.

    The latest report by the Wall Street Journal suggests that Apple has officially confirmed that it is aware of the organized attacks on its iCloud users, however their own servers have not been compromised.

    “Apple is deeply committed to ‘protecting our customers privacy and security. We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser”.

    Apple has come out with a support document that clearly specifies the importance of digital certificates, advising users who come across an invalid certificate alert in their web browser while visiting iCloud. The company has also issued guidelines as to how users can verify that their web browser is connected to iCloud and not a fake third party MITM website.

    safariicloudverified-800x508

    Apple has asked its users to make sure the green lock icon is visible and see the following message “Safari is using an encrypted connection to www.iCloud.com” when the lock icon is clicked.

    But the main problem lies in the fact that users are not using secure browsers to access their cloud storage. A report indicates that many users in China access the Internet via a popular Chinese browser named Qihoo. It does not alert users when a fake site is getting their information, it rather redirects Chinese users to a fake website identical to the iCloud website. Users who eventually log into the fake site inadverently give the attackers their login and passwords that can be used to access personal information.

    Chinese authorities are suspected to be a part of this attack. According to CNBC, a spokeswoman for China’s Foreign Ministry said that Beijing was “resolutely opposed” to hacking.

    Chinese users are being advised to switch to secure browsers like Chrome or Firefox, or use a VPN to bypass the redirection and log in directly to iCloud. Two factor authentication is also required to be turned on as it restricts unauthorized users from logging into an iCloud account even when a username and password is compromised.

  • China Rages a Massive Privacy Attack on iCloud

    China Rages a Massive Privacy Attack on iCloud

    Just when Apple fans were setting up their new iPhones, they discovered that they are being misled to an identical looking page. Web censorship watchdog Great Fire is reporting that the Chinese authorities are staging a man-in-the-middle (MITM) attack on Apple’s iCloud. The attacks coincide with the new iPhone launch, thereby giving the authorities’ access to a massive number of passwords of people setting up their new phones.

    According to Wikipedia, a MITM attack is a form of active eavesdropping. The attacker makes independent connections with the victims and relays messages between them. It makes them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

    When a person tries to log into their iCloud, they are instead redirected to an identical looking page. When using a Firefox or Chrome browser, there is a warning that you are not on the authentic website, but when using China’s most popular browser, Qihoo there is no warning. Microsoft’s Live.com, Github, Google and Yahoo have also faced such attacks in the recent past.

    It is being said that this is a massive effort from the Chinese authorities to fish out usernames and passwords from a huge population. Doing so will give them access to all the data including personal documents, pictures and videos stored on the cloud. For folks who set automatic syncing to the cloud for their entire data, this news might be troublesome.

    It’s being said that the recent addition of encryption system might have attracted this unfriendly attention from the Chinese authorities. The system faced disapproval from security institutions like the FBI.

    China is infamous for censoring the internet using its giant firewall, known as Golden Shield Project or better known as the Great Firewall of China. But fishing out user information is a recent phenomenon which by the looks of it is gaining steam. There are few ways you can circumvent the impositions. The user can use a VPN service to access their real accounts just make sure that the VPN service is also not blocked by the country’s firewall.

    Internet freedom are considered a part of human rights and right to privacy is one of the cornerstones of a civilized society. But this recent surge of privacy theft should concern all.

    Here’s a TED talk by Glenn Greenwald who explains why privacy is such an essential element for our society:

iGyaan Network
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.