Trouble is considered completely normal for Apple Inc. in China. According to security experts and cybersecurity monitoring groups, people who are trying to use Apple’s iCloud, the online data storage service of Apple were targets of a new attack that was directed at stealing their passwords in order to spy on their activities. This all began over the weekend when a large number of users in China signed into their accounts on iCloud and may have handed over their information to a third party altogether. This type of attack is often called a man-in-the-middle attack. According to an expert, the users believed that they were obtaining information from Apple. However, it was another party that was passing information between Apple and the users and snooping during the process.
The news of this weakness was revealed just as the company’s latest iteration of its iconic phone, the iPhone 6 hit Chinese stores. The late launch of the phone in China was primarily because of a month-long regulatory delay that had related to security issues of the phone. Security experts and activists have said that in their opinion the Chinese government is backing these hacking attacks because they are coming in from servers that can only be accessed by the telecommunication companies run by the state and the government.
Furthermore, these hacking attacks also bear a similarity to the recent attacks at Microsoft, Google and Yahoo that were focused on keeping track of the information that was being retrieved by users form these websites. An expert working in a security company in California said the origin of the attack could be traced to the core backbone of the Chinese Internet and would be difficult to accomplish if there wasn’t any support from the Chinese government. Furthermore, the targeting of Apple, Microsoft, Google and Yahoo also reveals another effort of the Chinese government to overcome initiatives taken by the internet companies for encrypting user data in order to keep it safe from government spying.
Security experts said that because the government was no longer able to sniff traffic, it chose to intercept the traffic between the iCloud server and the browser. Numerous web browsers such as Mozilla’s Firefox, Google’s Chrome and Apple’s Safari warned users that the encryption certificate that identifies users on the other end of the web session shouldn’t be trusted. This was a clear indication that rather than iCloud, users were inadvertently communicating with the hackers. Basically, these attackers had come in the middle of the online conversation.
It was noted that no such warning had been provided by Qihoo, a browser that’s used by Chinese internet users. As the time of the attack coincides with the release of the iPhone 6 in China, it was said that the Chinese government was attempting to obtain the sign-in data of a large number of users who will switch to the new device. However, better encryption techniques have been used in the new device to prevent government snooping, which could explain these hacking attacks.