According to the Greatfire.org website scant days after Apple iPhones went on sale in China the Chinese government has launched a man-in-the-middle attack designed to intercept user’s iCloud account usernames and passwords.
Greatfire asserts that the Chinese government has set up a fake login site that looks exactly like the Apple iCloud login site (without the digital certificates). If users ignore the security warning and click through to the fake Apple site and enter their username and password, this information has now been compromised by the Chinese authorities.
The article on the Greatfire site states, “This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc.”
The Website has documented other attacks by the Chinese government targeting Google, Yahoo, Github and others and speculates that these latest attempts to hijack user’s iCloud accounts is related to the recent protests in Hong Kong.
It’s also quite likely that, like the U.S. police and government agencies, they are nervous about Apple (and Google’s) recent implementation of encryption by default on their devices. Neither the U.S. nor Chinese authorities want people running around willy-nilly gathering, storing or – gasp – sharing information with other people that hasn’t been sanctioned and/or sanitized for the good of the people.
It’s also a sign that it doesn’t really matter how chummy you think you might be with the Chinese powers that be, they will probably never trust anything you do or say.
As the Greatfire article says:
This episode should provide a clear warning signal to foreign companies that work with the Chinese authorities on their censorship agenda. Working with the authorities to help them prevent free access to news and information is not a guaranteed path to riches in China. If anything, cooperation with the Chinese authorities can now increasingly be labeled as the worst decision a foreign company can make. Not only will the authorities bite you in the ass, but your willingness to work with the censorship regime will lose you customers and fans worldwide.
No doubt there will be a denial (or no comment at all) from the Chinese government. In fact it will probably accuse Apple of cooking up the whole story and threaten to halt shipments of iPhones unless Apple passes more profits to a few choice politicians.
Then again, perhaps this is just an ‘innocent’ group of hackers trying to steal usernames and passwords to sell on the black market.