Chinese Government Launches Attack Against iCloud Users

According to Ars Technica it seems that China is running a man-in-the-middle attack on iCloud users. They have a screenshot of this on their website, this was discovered by a group called GreatFire.org.

From the article:

GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland.

The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.

Read the full story on Ars Technica

One commenter pointed out, “That’s really not good, that the build-in iCloud login didn’t block & tell the user that it couldn’t verify the certificate properly. Especially since Apple is touting “better security”.

Another commenter touched upon the end of the trusted Internet. “Some corporate firewalls have the MITM feature where a corporate cert is used to sign a fake SSL site because they need to know everything about their employees, for whatever reason. It’s funny and worrying that China is doing this on a national scale.

I think the trusted Internet is dead. We need strong encryption on everything and operating systems need to have a cloud opt-in mechanism, instead of opt-out, so users are aware of what data can potentially leak out.”