China-based hackers reportedly launched a countrywide man-in-the-middle attack on Apple’s iCloud service in China on the day the iPhone 6 went on sale.
Greatfire.org claimed yesterday that Chinese authorities were behind the attack, which went after users’ personal information and was similar to attacks in China against Google and Yahoo in the past.
Greatfire.org, which monitors online censorship in China, speculated in a blog that the higher level of encryption in the iPhone 6 may have played a role in the attack.
Security expertise said the crude man-in-the-middle attack is limited to China and isn’t likely to spread to other countries.
A man-in-the-middle attack is a form of online surveillance where an attacker makes contact with two parties and relays messages between them, making them believe that they are communicating directly with each other, when in fact the connection is controlled by the attacker.
iCloud now allows two-factor authentication, which Apple added after recent high-profile hacks of celebrities’ iCloud accounts, but it isn’t yet common in China.
Ironically, last month in response to government pressure to improve security of customer data, Apple started hosting mainland users’ data on its iCloud service on China Telecom servers.
Storing data on servers based in China will help speed up delivery and improve the user experience for domestic users. But it also allows the government to demand user data stored on the local servers.
Western authorities have long accused Chinese-backed hackers of infiltrating government and corporate websites. But Chinese officials deny the government is involved in the attacks.