Pando

Apple all but confirms the Chinese government's behind recent iCloud attacks

By Nathaniel Mott , written on October 22, 2014

From The News Desk

Apple has confirmed that it's aware of "intermittent organized network attacks using insecure certificates to obtain user information" from its iCloud service, after reports indicated that the Chinese government was performing man-in-the-middle attacks on people in mainland China.

The attacks were first reported by GreatFire, a watchdog site devoted to China's censorship and surveillance efforts, and later confirmed by the New York Times and other outlets. It seems that the attacks were timed to coincide with the iPhone 6 launch, making it seem more likely that the government delayed the launch to prepare its attacks and make sure foreign governments couldn't spy on its citizens, as I wrote in a post about the attacks Monday.

Despite its confirmation, Apple has not given any indication as to where the hacking campaign is taking place. Maybe the company's worried that the Chinese government will block sales of its new iPhones in the country, which has become the most important market for tech companies looking to rake in the cash. Maybe the attacks aren't restricted to China. Apple isn't saying anything either way, at least not yet.

But the company has given its users a crash course on browser security. It advises in the update confirming the attacks that consumers should use browsers that can tell when a connection to a website has been compromised, and to heed the warnings when they're displayed, especially if they're visiting a website containing information as sensitive as iCloud. (It also has a bunch of screenshots letting people know what to look for in case they aren't familiar with the warnings.)

Many people would have already been using those browsers, of course. They're some of the most popular Web browsers in the world, and Apple says that the problem doesn't affect Safari in iOS 8 and OS X Yosemite. This isn't a warning for people who use popular Western browsers -- it's a warning for consumers who use Web browsers that don't warn against such threats. As GreatFire noted in its report on the attacks, such browsers are popular in mainland China:

What should users do to counteract this attack? Internet users in China should first use a trusted browser on their desktops and mobile devices - Firefox and Chrome will both prevent users from accessing iCloud.com when they are trying to access a site that is suffering from a MITM attack. Qihoo’s popular Chinese 360 secure browser is anything but and will load the MITMed page directly.
All of which, when taken together, points towards an official confirmation of the Chinese government's efforts to steal iCloud (and Microsoft Live) login information from its citizens. Apple has all but named China as the region affected by these attacks -- now if it would just demonstrate a commitment to consumer security over government subservience it could prove that it's not going to ignore efforts to compromise its users' information once and for all.