Oct 21 2014
Unnamed hackers have begun targeting iCloud users in mainland China with a hack attack known as “Man In The Middle”. This attack aims to steal users information when they download or upload information using iCloud.
The attacks were first revealed by Chinese activist group GreatFire.org, which said the latest efforts resemble previous attacks on Google, Yahoo, and Microsoft Hotmail. The organization has alleged that China’s government is involved in the attacks, according to Reuters.
The attacks are said to have incredibly deep access to the servers of Chinese Internet providers, leading to speculation that the government-owned companies are cooperating in the attack. Security researchers say that Greatfire.org’s claims appear to be accurate, though the Chinese government has denied the accusations.
The attacks first came to light when users in China began to receive security warnings from Apple’s iCloud service. That led Chinese Internet activist Zhou Shuguang to investigate.
According to The Wall Street Journal, Zhou found that a so-called “man-in-the-middle” attack had been implemented between iCloud users and the server where data is hosted. His findings were also corroborated by security analyst Erik Hjelmvik of Netresec AB, who called the attack “quite massive” and “sophisticated.”
Analysts who spoke with the Journal alleged that Chinese iCloud users’ data stored in the cloud, including usernames and passwords, could be at risk if the attackers can decrypt the communication between users and iCloud servers in China. However, there was no immediate evidence that the hackers have been able to decrypt the data.
And while GreatFire.org has accused the Chinese government of being volved, some critics say the fact that users are alerted of security warnings suggest attack is too easily detected for the government to have played a part.
Additional information has been provided by AppleInsider.com.