Tuesday, October 21, 2014 6:21:03 PM
Apple's iCloud Service Under Attack in Mainland China
Apple Inc.'s iCloud service for users in mainland China has been hit by an attack that could allow perpetrators to intercept and see usernames, passwords and other personal data, activists and security analysts said.
Though the perpetrator's identity was unclear, the attack came as tensions between the U.S. and Chinese governments have simmered over accusations of cyberespionage and hacking attacks. The online censorship watchdog GreatFire.org claimed Chinese authorities were behind the attack, though other experts said the source couldn't be determined. A spokeswoman for China's Foreign Ministry said she was unaware of the matter and reiterated Beijing's position that it opposes cyberattacks.
Apple said in a statement on its website that it is aware of "intermittent organized network attacks" aimed at obtaining user information from iCloud.com. The company added that the attacks don't compromise the company's iCloud servers and don't affect iCloud sign-in on Apple devices running its iOS mobile software or Macs running OS X Yosemite using its Safari browser.
Apple said users should not sign into iCloud.com if they receive a warning from their browser that it is not a trusted site. This suggests that the user has been compromised.
Apple did not mention China in its statement.
Concerns about the iCloud service in China began to emerge over the weekend when tech-savvy Chinese Internet users--seeing warning messages on their Internet browsers--raised suspicions in online discussion groups that the iCloud server's communications with users in China had been compromised.
Taiwan-based Chinese Internet activist Zhou Shuguang tested the service and found that communication channels between iCloud users and the iCloud server had been hijacked by an attacker in what is known as a "man-in-the-middle" tactic, Mr. Zhou said. Separately, Erik Hjelmvik, an analyst with Netresec AB, a network-security-software vendor in Sweden, said Tuesday he reviewed data posted online by Chinese Internet users and arrived at a similar conclusion.
"It's evident that it's quite massive," Mr. Hjelmvik said. He said the perpetrators were able to attack users in different parts of China who used different Internet service providers. "The attack was quite sophisticated in that they apparently have quite a huge system set up in order to be able to intercept on such a large scale."
The attack meant unauthorized parties would be able to decrypt the communication between iCloud users and the server, analysts said. This puts the iCloud users' usernames, passwords, files, pictures and contacts at risk of being seen unencrypted.
Security analysts said the attack seen in China required the perpetrator to have decent links to the country's Internet service providers. "If this is true, and given the man-in-the-middle attack being done at this level, we can assume this is not the work of a script kiddie trying to prove and boast his hacking skills," said Goh Su Gim, Asia Pacific security adviser for F-Secure, a Finnish online security firm. "The attackers are more professional in this case, and could be the work of a group, a syndicate or even nation-state sponsored."
Activists like GreatFire.org accused the Chinese government of the attack. But some security analysts raised skepticism that Beijing, with sizable resources at its disposal, would order an attack that is so easily detected.
"This doesn't seem like the sort of attack an adversary with the resources of a government would attempt, since connecting users would see a very obvious security warning from their browser. It's more likely the sort of attack you'd see from someone with limited resources," said Kevin Milner, a researcher working on Internet infrastructure security at Oxford University.
The attack is the latest blow to Apple after a leak of celebrity photos from its iCloud system last month raised concerns about whether the service provides sufficient security. Analysts pointed out that the reports of the attack surfaced around the time of the launch in China of Apple's latest iPhone, equipped with stronger encryption. In the wake of revelations by former National Security Agency contractor Edward Snowden, Apple said it would use encryption on its phones that would prevent law enforcement from retrieving data on them.
Similar attacks have been reported in recent months affecting Chinese-based users accessing Google Inc. through a particular network, as well as Microsoft Corp.'s Hotmail services. Google and Microsoft didn't respond to requests for comment.
Recent AAPL News
- Walmart Corporate Job Cuts and Office Centralization, GameStop and AMC Surge, and More News • IH Market News • 05/14/2024 11:26:02 AM
- Apple Music celebrates the greatest records ever made with the launch of inaugural 100 Best Albums list • Business Wire • 05/13/2024 01:00:00 PM
- Arm Sets 2025 Target for AI Chip Development, Amazon and Microsoft Commit Billions to French Investments, and More • IH Market News • 05/13/2024 11:16:03 AM
- Weekly Surge for Render and Toncoin, US Bancorp Expands Bitcoin ETF Investments, and More in Crypto • IH Market News • 05/10/2024 07:32:06 PM
- Novavax Surges 57% Post $1.4 Billion Sanofi Deal; Apple Boosts Data Centers with AI and Internal Chips, and More News • IH Market News • 05/10/2024 12:02:56 PM
- Bain Capital in Talks to Acquire PowerSchool; Blackstone Emerges Victorious in Hipgnosis Bidding War, and More News • IH Market News • 05/09/2024 11:53:19 AM
- Meta Platforms Expands AI Ads, Apple Boosts iPhone Shipments, and More Highlights • IH Market News • 05/08/2024 12:27:48 PM
- Apple unveils stunning new iPad Pro with the world’s most advanced display, M4 chip, and Apple Pencil Pro • Business Wire • 05/07/2024 02:37:00 PM
- Apple unveils the redesigned 11-inch and all-new 13-inch iPad Air, supercharged by the M2 chip • Business Wire • 05/07/2024 02:37:00 PM
- Apple introduces M4 chip • Business Wire • 05/07/2024 02:37:00 PM
- Final Cut Pro transforms video creation with Live Multicam on iPad and new AI features on Mac • Business Wire • 05/07/2024 02:37:00 PM
- Logic Pro takes music-making to the next level with new AI features • Business Wire • 05/07/2024 02:37:00 PM
- Tesla’s April Sales Down 18% in China, Amazon’s Multi-Billion Dollar Cloud Expansion in Singapore, and More News • IH Market News • 05/07/2024 11:44:00 AM
- Index Futures Point to Strong Monday Opening, Building on Last Week’s Gains; Oil Prices Rise • IH Market News • 05/06/2024 12:09:15 PM
- Perficient Stock Soars 52.9% Post-Acquisition; Luminar Declines 10% Amid Workforce Cutbacks, and Other News • IH Market News • 05/06/2024 12:09:00 PM
- Jobs Data, Apple Earnings Contribute To Extended Rally On Wall Street • IH Market News • 05/03/2024 08:25:49 PM
- Jobs Data, Apple Earnings May Lead To Extended Rally On Wall Street • IH Market News • 05/03/2024 01:09:33 PM
- Apple reports second quarter results • Business Wire • 05/02/2024 08:30:00 PM
- U.S. Stocks Rally Amid Easing Worries About Possible Rate Hike • IH Market News • 05/02/2024 08:20:39 PM
- Alphabet CEO’s Billion-Dollar Wealth, Microsoft’s $1.7B Indonesia Investment, and More News • IH Market News • 04/30/2024 11:58:40 AM
- Philips Stocks Soar 47% Following US Deal, Tesla Bolsters Presence in China, and More News • IH Market News • 04/29/2024 11:11:24 AM
- BHP Bids $38.8 Billion for Anglo American; Biden Unveils Historic Micron Technology Deal, and More News • IH Market News • 04/25/2024 11:48:40 AM
- Coca-Cola and Microsoft Sign Billion-Dollar Agreement, Apple Event Set for May 7, and More News • IH Market News • 04/24/2024 11:28:02 AM
- AKT Token Skyrockets on Upbit Listing, IBIT Holds Strong in Top 10 ETFs, and More Crypto News • IH Market News • 04/23/2024 04:34:08 PM
- Apple Loses Market Share in China, GM Surges in Pre-Market Following Upward Revisions for 2024 Projections, and More News • IH Market News • 04/23/2024 11:25:34 AM
FEATURED Element79 Gold Corp Reports Exceptionally High-Grade Results from Lucero • May 14, 2024 7:00 AM
Avant Technologies Equipping AI-Managed Data Center with High Performance Computing Systems • AVAI • May 10, 2024 8:00 AM
VAYK Discloses Strategic Conversation on Potential Acquisition of $4 Million Home Service Business • VAYK • May 9, 2024 9:00 AM
Bantec's Howco Awarded $4.19 Million Dollar U.S. Department of Defense Contract • BANT • May 8, 2024 10:00 AM
Element79 Gold Corp Successfully Closes Maverick Springs Option Agreement • ELEM • May 8, 2024 9:05 AM
Kona Gold Beverages, Inc. Achieves April Revenues Exceeding $586,000 • KGKG • May 8, 2024 8:30 AM