China’s government is being accused of trying to wiretap Apple customers in the country. Great Fire, a reputed non-profit organization that monitors Internet censorship in China, claimed today that Chinese authorities have laid a trap to snare log-in details for iCloud users via a “malicious attack.”
Great Fire said that a ‘man-in-the-middle’ attack has been set up to “gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc.” Great Fire, which previously reported a similar attack against Google in China, reported that some web browsers may trigger a warning before loading icloud.com, but others — including the popular Qihoo 360 ‘secure’ browser — do not.
Any users who click through and log-in to the affected website will need to switch on two-factor security to keep their compromised account secure.
It isn’t clear why this attack has taken place (and also, to be clear, it isn’t for sure that the Chinese government is behind it) but it may be connected to the ongoing political protests taking place in Hong Kong. Great Fire speculates that the timing relates to the launch of the iPhone 6 in China, which finally went on sale last week.
Earlier this month, a security firm found evidence of sophisticated iOS malware targeting unlocked iPhones in Hong Kong, while a number of pro democracy websites were hacked last week. The government has also blocked Instagram.com in China — to prevent the spread of images from the protests across the mainland — so there is an argument that it is trying to compromise iCloud accounts — which account a bevy of data including photos, messages and more — is another part of its efforts to combat the unrest.
That said, Apple did move to secure its data in China when it began encrypting data stored on Chinese soil for the first time. While its new encryption feature within iOS 8, which promises to thwart NSA efforts to access user data, could also make Chinese user data more secure, which in turn would massively frustrate authorities in Beijing.
Against that backdrop of increased security, Great Fire believes that “this attack may indicate that there is at least some conflict between the Chinese authorities and Apple over some of the features on the new phone.”
We’ve contacted Apple to ask whether it has any comment on this report. We’ll update this story with any response that the company provides.
Second image via Great Fire