- Netflix’s ‘Secret Obsession’ isn’t just terrible—it’s boring as hell 5 Years Ago
- Instagram expands experiment of hiding likes to 6 more countries 5 Years Ago
- Man asks woman to stop speaking Spanish on a plane—and bystanders start speaking Spanish Today 12:55 PM
- Schumer calls on FBI, FTC to investigate FaceApp Today 12:41 PM
- Netflix loses subscribers—but hopes some tentpole shows can save it Today 12:10 PM
- Man utterly roasted for saying woman can’t ask for equality in revealing clothing Today 12:07 PM
- Instagram struggles to remove photos of Bianca Devins’ dead body Today 11:14 AM
- ‘Storm Area 51’ creator says its gotten so big he’s worried about the FBI Today 10:49 AM
- Everyone loves Q baby, the baby who apparently supports QAnon Today 9:53 AM
- Thread about ‘depression meals’ is inspiring lots of relatable answers Today 9:36 AM
- How long is ‘Avengers: Infinity War’? Today 9:30 AM
- Rand Paul ripped for halting 9/11 Victim Fund re-authorization bill Today 9:18 AM
- Here’s what’s coming and going on Hulu in August 2019 Today 7:00 AM
- ‘Game of Thrones’ creators drop out of Comic-Con at last minute Today 6:38 AM
- Inside Britt McHenry’s war on women Today 6:30 AM
Apple is aware of the problem, and it’s trying to help you avoid it.
Apple on Tuesday said that it was monitoring reports of “intermittent organized network attacks” on its iCloud platform, one day after a Chinese censorship watchdog site observed attacks on iCloud that it attributed to the Chinese government.
“We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” Apple said on a help page about iCloud security. “These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”
Anxieties about the cloud platforms of Apple and other major tech companies are running high in the aftermath of the Celebgate photo leaks. Apple quickly denied that vulnerabilities in iCloud were responsibility for the massive invasion of the celebrities’ privacy, but it later emerged that the company had been aware of security issues with the cloud platform that could have been related.
The attacks on iCloud from China were first reported by the blog Greatfire.org, which tracks the zealous Internet censorship of the regime in Beijing. The site said it had identified a “man-in-the-middle” attack on iCloud that it described as “an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc.”
The attack itself, at least as described by Greatfire.org, sounds like standard hacker fare: a site that looks like the iCloud login portal but that reports all attempted login credentials to the hackers. The fake site essentially steps into the “middle” of users’ attempts to log into Apple’s service.
Apple’s response to the report encouraged users to look for a security certificate when logging into iCloud.
“If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed,” the help page said. “Users should never enter their Apple ID or password into a website that presents a certificate warning.”
Image via Apple
Photo by Vince Alongi/Flickr (CC BY 2.0) | Remix by Fernando Alfonso III
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.