Apple has released an updated iCloud security support document with instructions on how to avoid man-in-the-middle type attacks like those affecting customers in China reported over the past couple of days. The support site says that Apple is “deeply committed to protecting [its] customers’ privacy and security,” and that it is “aware of intermittent organized network attacks” but doesn’t specify the most recent incident in particular, nor does it mention China at all.
It does provide tips about how to ensure you’re connected to iCloud proper, and not a redirected spoof site designed to lure you into revealing your credentials. In Safari, that means validating the certificate via the green address bar title and the message revealed when you click the lock icon, and in Chrome that means checking the green lock icon next to the address owner name to verify that it is indeed Apple. Apple also details the errors you’ll see if a secure connection isn’t possible.
Apple’s iCloud service in China was targeted by an organized effort to intercept usernames and passwords using a ‘man-in-the-middle’ attack that injects a site masquerading as iCloud.com when users navigate to that address. The methods mentioned above won’t work in every browser (Qihoo 360 is one where they don’t), so users worried about falling victim should use Firefox, Chrome or Safari to avoid the risk.
Great Fire associated the attacks with the Chinese government, but Chinese authorities later denied that claim in a briefing with journalists, despite continued claims from security experts that it likely came from government sources.
Apple’s newly issued security document obviously doesn’t constitute a statement either way on the source of the attacks, but it should help protect users concerned they might be affected. Enabling two-factor authentication on an iCloud account could also help prevent subsequent attacks, even if a user has already fallen prey to the man-in-the-middle tactics.