- People are roasting this ‘traditional’ take on marriage with a hilarious meme Saturday 5:17 PM
- The internet just collectively realized that the Neopets of the world must be hungry Saturday 4:00 PM
- Alt-right message board 8chan was served a search warrant Saturday 3:06 PM
- O.J. Simpson just joined Twitter in the most bizarre fashion Saturday 1:20 PM
- Prominent phone-hacking firm says it can unlock any iPhone for law enforcement Saturday 12:39 PM
- Hundreds of police officers belong to extremist Facebook groups, investigation finds Saturday 9:31 AM
- How to watch Tyson Fury vs. Tom Schwarz online Saturday 8:00 AM
- ‘Late Night’ is a disappointing, tepid comedy Saturday 7:00 AM
- How to stream ‘Love It or List It’ for free Saturday 7:00 AM
- How to watch the 2019 Concacaf Gold Cup online for free Saturday 6:55 AM
- Borderlands 3 preview suggests the aging series can still hang with the cool kids Saturday 6:30 AM
- How to stream the 2019 College World Series for free Saturday 6:00 AM
- Police try to solve domestic violence by giving victims blunt kitchen knives Friday 5:40 PM
- Privacy activist Ola Bini detained for 2 months in Ecuador without charges Friday 5:01 PM
- Twitter says suspending ‘God’ for a pro-LGBTQ tweet was an ‘error’ Friday 4:14 PM
Chinese government accused of stealing iCloud passwords
The attack sends you to a fake website.
The attack is designed to steal usernames and passwords and gain access to private data and accounts, according to a report by anti-censorship watchdogs GreatFire.org.
GreatFire, which previously broke stories about Chinese attacks on Github, Google, and Yahoo, says that Chinese authorities are staging a man-in-the-middle (MITM) attack, which redirects Apple users to a fake iCloud.com site, then prompts them to enter their username and password. Microsoft’s login.live.com is currently facing a similar attack.
Apple recently gained a lot of attention when it announced it would encrypt the new iPhone by default. F.B.I. director James Comey called the new phones “black holes.”
This new attack is the perfect example of how much Comey’s criticism omits: the phone is encrypted, but the data leaving the phone is not. Neither is iCloud, which can hold full access to contacts, photos, messages, and a variety of other personal data.
GreatFire hypothesized that this latest attack could be a direct response to Apple’s new encryption defaults.
“This attack will come as a surprise to Apple,” GreatFire asserted. “In the past, the company has had a bromance with the authorities and have blindly acquiesced when asked to remove apps from the China app store. With such a close, cozy and snuggly relationship, it is hard to imagine that the executives at Apple felt that they would get this kind of treatment in China.”
The attack affects users of China’s most popular Web browser, Qihoo’s 360 Secure Browser, which doesn’t flag the problem. Firefox and Chrome, on the other hand, immediately let users know. Users can also avoid the attack by connecting to iCloud through a Virtual Private Network (VPN).
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.