Advertisement
Advertisement
Apple
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
Apple suggested users should verify they are connecting to a legitimate iCloud server by using the security features built into Safari and other browsers. Photo: AFP

New | Apple issues China iCloud security warning

Caution urged after Chinese users report seeing warnings they had been diverted to an unauthorised website when they attempted to sign into their accounts

Apple

Apple has posted a new security warning for users of its iCloud online storage service amid reports of a concerted effort to steal passwords and other data from people who use the popular service in China.

“We’re aware of intermittent organised network attacks using insecure certificates to obtain user information, and we take this very seriously,” the computer-maker said in a post on Tuesday on its support website. The post said Apple’s own servers have not been compromised.

Apple’s post did not mention China or provide any details on the attacks. But Chinese internet users have begun seeing warnings that indicate they had been diverted to an unauthorised website when they attempted to sign into their iCloud accounts.

That kind of diversion, known to computer security experts as a “man in the middle” attack, could allow a third party to copy and steal the passwords that users enter when they think they are signing into Apple’s service. Hackers could then use the passwords to collect other data from the users’ accounts.

Chinese activists blamed the attacks on that country’s government, according to news reports and the Chinese activist website GreatFire.org, which suggested the campaign was spurred by the fact that Apple recently began selling its newest iPhone models, the iPhone 6 and 6 Plus, in China. The new smartphones have software with enhanced encryption features to protect Apple users’ data.

Apple said in its post that the attacks have not affected users who sign into iCloud from their iPhones or iPads, or on Mac computers while using the latest Mac operating system and Apple’s Safari browser. But the company suggested users should verify they are connecting to a legitimate iCloud server by using the security features built into Safari and other browsers such as Firefox and Google’s Chrome. The browsers will show a message that warns users when they are connecting to a site that doesn’t have a digital certificate verifying that it is authentic.

“If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed,” Apple said in the post.

GreatFire had earlier suggested that Chinese users of Google and Yahoo services had come under “man-in-the-middle” attacks.

A GreatFire blog post suggested that the most recent attack against iCloud services could be tied to Hong Kong’s pro-democracy demonstrations which have lasted more than three weeks. The protests also triggered the largest censorship effort so far this year on Chinese social media.

Netresec, a Swedish network security software developer, analysed the attack on Yahoo and found the attack originated in China.

In a blog post earlier this month, the company said that the primary purpose of the operation appeared not to be spying on users making random searches in China, but to “‘kill’ their connections to Yahoo when queries like ‘Umbrella Revolution’ and ‘Tiananmen Square Protests’ are observed”.

Charlie Smith, the co-founder of GreatFire.org, says there is little doubt that Chinese authorities were to blame for the latest attack on iCloud.

“We know that the attack point is the Chinese internet backbone and that it is nationwide, which would lead us to be 100 per cent sure that this is again the work of the Chinese authorities,” he said. “Only Chinese [internet service providers] and the government have access to the backbone.”

Smith said the recent series of attacks could also reflect an attempt by Chinese authorities to adapt their surveillance methods as more online services move to encrypted connections. “We expect that there will be more [“man-in-the-middle”] attacks in the near future and that they will increase in severity.”

The attacks appear unrelated to an episode last month in which hackers stole nude photos from the iCloud accounts of several US celebrities. In that case, Apple said its investigation concluded the hackers had obtained the users’ passwords through so-called “phishing attacks” or by guessing at the answers to security questions that allowed access. The company said its servers were not breached in that case.

Post