Tuesday, October 21, 2014 6:21:03 PM
Apple's iCloud Service Under Attack in Mainland China
Apple Inc.'s iCloud service for users in mainland China has been hit by an attack that could allow perpetrators to intercept and see usernames, passwords and other personal data, activists and security analysts said.
Though the perpetrator's identity was unclear, the attack came as tensions between the U.S. and Chinese governments have simmered over accusations of cyberespionage and hacking attacks. The online censorship watchdog GreatFire.org claimed Chinese authorities were behind the attack, though other experts said the source couldn't be determined. A spokeswoman for China's Foreign Ministry said she was unaware of the matter and reiterated Beijing's position that it opposes cyberattacks.
Apple said in a statement on its website that it is aware of "intermittent organized network attacks" aimed at obtaining user information from iCloud.com. The company added that the attacks don't compromise the company's iCloud servers and don't affect iCloud sign-in on Apple devices running its iOS mobile software or Macs running OS X Yosemite using its Safari browser.
Apple said users should not sign into iCloud.com if they receive a warning from their browser that it is not a trusted site. This suggests that the user has been compromised.
Apple did not mention China in its statement.
Concerns about the iCloud service in China began to emerge over the weekend when tech-savvy Chinese Internet users--seeing warning messages on their Internet browsers--raised suspicions in online discussion groups that the iCloud server's communications with users in China had been compromised.
Taiwan-based Chinese Internet activist Zhou Shuguang tested the service and found that communication channels between iCloud users and the iCloud server had been hijacked by an attacker in what is known as a "man-in-the-middle" tactic, Mr. Zhou said. Separately, Erik Hjelmvik, an analyst with Netresec AB, a network-security-software vendor in Sweden, said Tuesday he reviewed data posted online by Chinese Internet users and arrived at a similar conclusion.
"It's evident that it's quite massive," Mr. Hjelmvik said. He said the perpetrators were able to attack users in different parts of China who used different Internet service providers. "The attack was quite sophisticated in that they apparently have quite a huge system set up in order to be able to intercept on such a large scale."
The attack meant unauthorized parties would be able to decrypt the communication between iCloud users and the server, analysts said. This puts the iCloud users' usernames, passwords, files, pictures and contacts at risk of being seen unencrypted.
Security analysts said the attack seen in China required the perpetrator to have decent links to the country's Internet service providers. "If this is true, and given the man-in-the-middle attack being done at this level, we can assume this is not the work of a script kiddie trying to prove and boast his hacking skills," said Goh Su Gim, Asia Pacific security adviser for F-Secure, a Finnish online security firm. "The attackers are more professional in this case, and could be the work of a group, a syndicate or even nation-state sponsored."
Activists like GreatFire.org accused the Chinese government of the attack. But some security analysts raised skepticism that Beijing, with sizable resources at its disposal, would order an attack that is so easily detected.
"This doesn't seem like the sort of attack an adversary with the resources of a government would attempt, since connecting users would see a very obvious security warning from their browser. It's more likely the sort of attack you'd see from someone with limited resources," said Kevin Milner, a researcher working on Internet infrastructure security at Oxford University.
The attack is the latest blow to Apple after a leak of celebrity photos from its iCloud system last month raised concerns about whether the service provides sufficient security. Analysts pointed out that the reports of the attack surfaced around the time of the launch in China of Apple's latest iPhone, equipped with stronger encryption. In the wake of revelations by former National Security Agency contractor Edward Snowden, Apple said it would use encryption on its phones that would prevent law enforcement from retrieving data on them.
Similar attacks have been reported in recent months affecting Chinese-based users accessing Google Inc. through a particular network, as well as Microsoft Corp.'s Hotmail services. Google and Microsoft didn't respond to requests for comment.
Recent AAPL News
- Form 144 - Report of proposed sale of securities • Edgar (US Regulatory) • 05/30/2024 08:14:20 PM
- Robinhood Shares Surge 3.3% on Stock Buyback Announcement; Anglo Declines BHP Deadline Extension, and More News • IH Market News • 05/29/2024 11:34:18 AM
- iPhone Sales Skyrocket in China, Nvidia Surges in Pre-Market Following xAI Fundraising, and More News • IH Market News • 05/28/2024 11:37:48 AM
- Nvidia Profits Set to Challenge Historic High Market; GE Aerospace Announces New Hires, and More News • IH Market News • 05/22/2024 10:37:09 AM
- Apple and Île-de-France Mobilités introduce Navigo card for iPhone and Apple Watch • Business Wire • 05/21/2024 03:30:00 PM
- CalPERS to Oppose Exxon Mobil Directors; Microsoft Unveils Copilot+ PCs with AI Focus, and More News • IH Market News • 05/21/2024 11:18:35 AM
- Li Auto Stocks Drop Post Earnings; Calhoun Re-elected to Boeing Board, and More News • IH Market News • 05/20/2024 11:03:22 AM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 05/17/2024 10:30:33 PM
- Chubb Stock Soars 9% with Berkshire Acquisition, AST SpaceMobile jumps 37% on AT&T deal, and More News • IH Market News • 05/16/2024 11:27:07 AM
- Apple announces new accessibility features, including Eye Tracking, Music Haptics, and Vocal Shortcuts • Business Wire • 05/15/2024 02:00:00 PM
- Form 4 - Statement of changes in beneficial ownership of securities • Edgar (US Regulatory) • 05/14/2024 10:30:21 PM
- Walmart Corporate Job Cuts and Office Centralization, GameStop and AMC Surge, and More News • IH Market News • 05/14/2024 11:26:02 AM
- Apple Music celebrates the greatest records ever made with the launch of inaugural 100 Best Albums list • Business Wire • 05/13/2024 01:00:00 PM
- Arm Sets 2025 Target for AI Chip Development, Amazon and Microsoft Commit Billions to French Investments, and More • IH Market News • 05/13/2024 11:16:03 AM
- Weekly Surge for Render and Toncoin, US Bancorp Expands Bitcoin ETF Investments, and More in Crypto • IH Market News • 05/10/2024 07:32:06 PM
- Novavax Surges 57% Post $1.4 Billion Sanofi Deal; Apple Boosts Data Centers with AI and Internal Chips, and More News • IH Market News • 05/10/2024 12:02:56 PM
- Bain Capital in Talks to Acquire PowerSchool; Blackstone Emerges Victorious in Hipgnosis Bidding War, and More News • IH Market News • 05/09/2024 11:53:19 AM
- Meta Platforms Expands AI Ads, Apple Boosts iPhone Shipments, and More Highlights • IH Market News • 05/08/2024 12:27:48 PM
- Apple unveils stunning new iPad Pro with the world’s most advanced display, M4 chip, and Apple Pencil Pro • Business Wire • 05/07/2024 02:37:00 PM
- Apple unveils the redesigned 11-inch and all-new 13-inch iPad Air, supercharged by the M2 chip • Business Wire • 05/07/2024 02:37:00 PM
- Apple introduces M4 chip • Business Wire • 05/07/2024 02:37:00 PM
- Final Cut Pro transforms video creation with Live Multicam on iPad and new AI features on Mac • Business Wire • 05/07/2024 02:37:00 PM
- Logic Pro takes music-making to the next level with new AI features • Business Wire • 05/07/2024 02:37:00 PM
- Tesla’s April Sales Down 18% in China, Amazon’s Multi-Billion Dollar Cloud Expansion in Singapore, and More News • IH Market News • 05/07/2024 11:44:00 AM
- Index Futures Point to Strong Monday Opening, Building on Last Week’s Gains; Oil Prices Rise • IH Market News • 05/06/2024 12:09:15 PM
FEATURED Element79 Gold To Provide Summary and Update on Active Exploration Program, Community Relations at RMEC on June 4 • May 30, 2024 1:18 PM
Branded Legacy Secures Exclusive Extraction Partnership with One of the World's Largest Kava Distributors and Producers • BLEG • May 30, 2024 8:30 AM
ECGI Holdings, Inc. Announces $2 Million Debt-to-Equity Conversion • ECGI • May 30, 2024 8:30 AM
North Bay Resources Reports Assays up to >25% Mg, 0.1% Ni, 0.1% Cu, 0.01% Co, 0.3 ppm Pt at Tulameen Platinum Project, British Columbia • NBRI • May 29, 2024 9:03 AM
One World Products, Inc. Issues Shareholder Update • OWPC • May 29, 2024 8:20 AM
Green Leaf Innovations, Inc. Engages Olayinka Oyebola & Co for Two-Year Audit • GRLF • May 28, 2024 8:30 AM