Apple acknowledges reports of iCloud ‘network attacks’

apple icloud

Apple is aware of the problem, and it’s trying to help you avoid it. 

Apple on Tuesday said that it was monitoring reports of “intermittent organized network attacks” on its iCloud platform, one day after a Chinese censorship watchdog site observed attacks on iCloud that it attributed to the Chinese government.

“We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” Apple said on a help page about iCloud security. “These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.”

Anxieties about the cloud platforms of Apple and other major tech companies are running high in the aftermath of the Celebgate photo leaks. Apple quickly denied that vulnerabilities in iCloud were responsibility for the massive invasion of the celebrities’ privacy, but it later emerged that the company had been aware of security issues with the cloud platform that could have been related.

The attacks on iCloud from China were first reported by the blog Greatfire.org, which tracks the zealous Internet censorship of the regime in Beijing. The site said it had identified a “man-in-the-middle” attack on iCloud that it described as “an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc.”

The attack itself, at least as described by Greatfire.org, sounds like standard hacker fare: a site that looks like the iCloud login portal but that reports all attempted login credentials to the hackers. The fake site essentially steps into the “middle” of users’ attempts to log into Apple’s service.

Apple’s response to the report encouraged users to look for a security certificate when logging into iCloud.

“If users get an invalid certificate warning in their browser while visiting www.icloud.com, they should pay attention to the warning and not proceed,” the help page said. “Users should never enter their Apple ID or password into a website that presents a certificate warning.”


Image via Apple

Photo by Vince Alongi/Flickr (CC BY 2.0) | Remix by Fernando Alfonso III

Eric Geller

Eric Geller

Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.