Apple’s iCloud Service Attacked in China

December 3, 2014

Summary

Security experts have warned that encrypted passwords and personal information are at risk of being stolen from Apple’s iCloud service in mainland China. Law enforcement has a cyber issue on its hands as the service is hit by a cyber attack that could allow hackers to access personal data.

Apple’s iCloud Service Under the Scanner in China

Apple’s iCloud service users in mainland China have been hit by a cyber attack that could allow hackers to intercept and steal usernames, encrypted passwords and other personal details.

Though the attacker’s identity was uncertain, the hack came as tensions between the Chinese and U.S. governments have increased over accusations of cyberespionage and cyber attacks. GreatFire.org, an online censorship firm, claimed that Chinese authorities were behind the attack, though some experts said the source could not be determined.

However, according to a spokeswoman for China’s Foreign Ministry, the nation was unaware of the attack, and she reiterated Beijing’s position that it is against cyber attacks.

In a statement on its site, Apple said that it is aware of the intermittent organized network attacks aimed at ascertaining user data from iCloud.com.

Apple said the attacks neither compromise the firm’s iCloud servers nor affect iCloud sign-in on Apple devices that run its iOS software or Macs that run OS X Yosemite using its Safari browser.

If users receive a warning from their Web browser that iCloud.com is not a trusted website, they should not sign in, says Apple. However, the tech titan did not mention China in its statement.

Concerns about the iCloud service in China began surfacing in October 2014, when tech-savvy Web users in China raised suspicions after seeing warning messages in their Web browsers.

The theory that the iCloud servers’ communications with Internet users in China had been hacked was the subject of online discussion.

Zhou Shuguang, a Taiwan-based Chinese Web activist, tested the service and found that the communication channels between iCloud users and the iCloud server had been hacked. Zhou considers this hijacking a “man-in-the-middle” (MiTM) attack. Separately, analyst Erik Hjelmvik of Netresec AB, a Swedish network-security-software firm, said he reviewed data posted online by Chinese Web users and arrived at a similar conclusion.

According to Hjelmvik, it was evident that the attack was quite massive.

He said the hackers were able to intercept users in different parts of China using different Web service providers. The cyber attack was quite advanced, and it was apparent that the attackers had quite a huge system set up to be able to siphon data on such a large scale.

The hack meant unauthorized parties would be able to intercept the communication between iCloud users and the server. This puts the usernames, encrypted passwords, photos, files, contacts, and audio of iCloud users at risk of being seen unencrypted.

Security experts said the cyber attack seen in China required the hacker to have decent links to the nation’s Web service providers.

If this is true, and given that the MiTM attack is being conducted at this level, one can safely assume this is not the work of an amateur trying to prove and boast of his hacking capabilities, said Goh Su Gim, an Asia Pacific security adviser for Finnish firm F-Secure. He said the hackers are more professional in this case, and that the attack could be the handiwork of a group, a syndicate or even a nation-state-sponsored actor.

Some cyber activists like GreatFire.org accused the government of China of the attack, while others raised skepticism about the issue. Why would Beijing, with all its massive resources, order a cyber attack so easily detected?

This does not seem like the sort of cyber attack that someone with the sizable resources of a government would try, since connecting users would see a very obvious security warning from their browser. It is more likely the sort of attack one would see from an adversary with limited resources.

The hack is the latest blow to Apple after the scandal over celebrity photos leaked from its iCloud system in September raised concerns about the service’s ability to provide adequate security.

Experts point out that the reports of the cyber attack surfaced around the time of the launch in China of the latest iPhone, which is equipped with stronger encryption.

Following revelations by former NSA admin Edward Snowden, Apple started using encryption on its smartphones, preventing law enforcement and government from retrieving data on them.

Similar cyber attacks have been reported in recent times affecting China-based users accessing Google via a particular network and Microsoft’s Hotmail services. Google and Microsoft did not respond to the requests for comment.
