The Chinese authorities are staging a “man-in-the-middle” attack on Apple’s iCloud service in an attempt to steal username and password information, according to anti-censorship watchdog group GreatFire.org.
As per Wikipedia, a man-in-the-middle attack “is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.”
GreatFire.org first noticed the apparent attack when it became aware of the fact that certain connections made to Apple’s iCloud site in China no longer responded with a trusted digital certificate, thereby risking decryption.
The website alleges that Chinese authorities are behind the hack, having previously targeted Google, Microsoft, Yahoo and Github. Attacks are made so that Chinese authorities can monitor and block certain content from users in the country, and may relate to images and videos of the current Hong Kong protests being shared on the mainland.
“This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud,” GreatFire.org wrote on Monday.
The iPhone 6 and 6 Plus recently went on sale in China, sparking huge queues around the country.
Ironically, within China it is Apple that has previously been accused of spying. In the past the Chinese media has accused Apple of using both iCloud and the “Find My iPhone” function to spy on its citizens, while Apple has also been forced to move iCloud in China over to state-run servers.
Via: PC World