Date
19 November 2017
A man uses his new iPhone 6 in Shanghai. The attack on iCloud allows hackers to intercept a user's password and other personal data. Photo: AFP
A man uses his new iPhone 6 in Shanghai. The attack on iCloud allows hackers to intercept a user's password and other personal data. Photo: AFP

Apple’s iCloud service in China hit by massive hacking attack

Apple’s iCloud storage service in China has been hit by a massive hacking attack, which aims to intercept the passwords and other personal data of users, a Chinese web monitoring group said, adding that it believes the Beijing government is behind the campaign.

In what is called a “man-in-the-middle” attack, the hackers interposed their own website between users and iCloud server, intercepting data and potentially gaining access to their passwords, messages and other data, Reuters reported, citing a blog post by Greatfire.org.

An Apple representative declined comment on the allegations that Beijing was trying to spy on Apple customers, but noted that the company had updated its technical support page to provide advice on how to protect against such attacks.

“We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” Apple said.

Greatfire.org, which monitors Chinese internet censorship, alleged government involvement in the attack, saying it resembled previous attacks on Google, Yahoo and Microsoft’s Hotmail.

Asked about the attack, Chinese Foreign Ministry spokesperson Hua Chunying told a daily news briefing that Beijing was “resolutely opposed” to hacking.

The attack cited by Greatfire comes several weeks after Apple said it would begin storing iCloud data for Chinese users on China Telecom (00728.HK) servers.

It also coincided with the start of iPhone 6 sales in China, which began last Friday after weeks of talks between China and Apple over what the government said were cybersecurity concerns, the report said.

Greatfire.org said the attack most likely could not have been staged without knowledge of internet providers like China Telecom, given they appeared to originate from “deep within the Chinese domestic internet backbone”.

A China Telecom spokesman said: “The accusation is untrue and unfounded.”

– Contact us at [email protected]

CG

EJI Weekly Newsletter

Please click here to unsubscribe