The attack is designed to steal usernames and passwords and gain access to private data and accounts, according to a report by anti-censorship watchdog GreatFire.org.
GreatFire, which previously broke stories about Chinese attacks on GitHub, Google, and Yahoo, says that Chinese authorities are staging a man-in-the-middle (MITM) attack, which redirects Apple users to a fake iCloud.com site, then prompts them to enter their username and password. Microsoft’s login.live.com is currently facing a similar attack.
Apple recently gained a lot of attention when it announced it would encrypt the new iPhone by default. F.B.I. director James Comey called the new phones “black holes.”
This new attack is the perfect example of how much Comey’s criticism omits: the phone is encrypted, but the data leaving the phone is not. Neither is iCloud, which can give full access to contacts, photos, messages, and a variety of other personal data.
GreatFire hypothesized that this latest attack could be a direct response to Apple’s new encryption defaults.
“This attack will come as a surprise to Apple,” GreatFire asserted. “In the past, the company has had a bromance with the authorities and has blindly acquiesced when asked to remove apps from the China app store. With such a close, cozy and snuggly relationship, it is hard to imagine that the executives at Apple felt that they would get this kind of treatment in China.”
The attack affects users of China’s most popular Web browser, Qihoo’s 360 Secure Browser, which doesn’t flag the problem. Firefox and Chrome, on the other hand, immediately let users know. Users can also avoid the attack by connecting to iCloud through a Virtual Private Network (VPN).