The Chinese government is using its “great firewall”, the system by which it censors web sites outside its jurisdiction, in order to mount “man-in-the-middle” attacks on users of Apple’s iCloud.
A similar attack has been mounted against Microsoft’s login.live.com domain, the company’s gateway for all account logins.
That is the claim of GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system. It provided traceroutes and a “wire capture” to verify the attacks.
The attack uses a fake certificate and Domain Name System address for the iCloud service, according to the organisation, and the most popular browser in China, Qihoo, won’t pick this up. However, Chinese users attempting to log in using Firefox, Chrome or Opera browsers would have been alerted to a fraudulent certificate.
Apple iCloud users logging in using Mac OS X’s built-in iCloud login or another browser may not have been aware that their authentication attempt had been hijacked and re-routed, with their iCloud credentials immediately compromised. Two-step verification ought to prevent the complete hijacking of compromised accounts, however.
The attacks coincide with a democratic uprising in Hong Kong, as well as the release of the new Apple iPhone 6 and 6+ phones. GreatFire.org speculates that the attack is an attempt by China’s government to get round the improved security Apple is implementing to prevent repeats of “the fappening”, the successful compromise of hundreds of celebrity iCloud accounts.
Apple recently added default disk encryption to the latest version of iOS, a feature that has been opposed by the US Federal Bureau of Investigation and other security and law enforcement agencies.
However, the Chinese government attack only targeted one of iCloud’s IP addresses, and anyone routed to a different IP address ought to reach the legitimate site. Users of VPN services usable in China should also have been unaffected.
The news raises new fears that the profusion of censorship systems across the world is being – or will be – used to conduct similar authentication cracking exercises.
GreatFire.org was unsympathetic to the problems faced by Apple. “Apple has a long history of working with the Chinese authorities to self-censor content in China,” GreatFire said in a statement. “While we worry for Chinese users who may have their accounts compromised, we are shedding no tears for the Apple executives.”