China Accused of Launching MITM Attacks Against iCloud

The Chinese authorities have launched a nationwide Man in the Middle (MITM) campaign against Apple iCloud users, designed to steal log-in credentials and access private data, a leading anti-censorship body has alleged.

Greatfire.org broke similar stories in the past when Beijing apparently launched MITM attacks against GitHub, Google and Yahoo.

Unlike the latter two attacks, which allowed the authorities to see what content local users were trying to access on the two sites in question, the Apple attack could provide full access to personal iMessages, photos, contacts and other data stored on iCloud.

“This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland,” Greatfire.org wrote in a blog post.

To head off the danger of a personal data breach, Apple users should visit iCloud.com only via browsers like Chrome and Firefox, which will flag any MITM attempts, or do so via a VPN.

Turning on two-factor authentication will also ensure that accounts are protected even if iCloud passwords are compromised.

Greatfire.org argued that the attacks could be a response to new encryption capabilities enabled with the iPhone 6.

“When details of the new iPhone were announced, we felt that perhaps the Chinese authorities would not allow the phone to be sold on the mainland. Ironically, Apple increased the encryption aspects on the phone allegedly to prevent snooping from the NSA. However, this increased encryption would also prevent the Chinese authorities from snooping on Apple user data,” Greatfire explained.

“It is unclear if Apple made changes to the iPhones they are selling in mainland China. However, this MITM attack may indicate that there is at least some conflict between the Chinese authorities and Apple over some of the features on the new phone.”

If the attacks are in some way connected to the recent pro-democracy protests in Hong Kong, it won’t be the first time the Chinese authorities have been implicated in using cyber attacks to covertly monitor dissent.

At the beginning of October, it emerged that an info-stealing Remote Access Trojan (RAT) attack had been distributed “broadly” across Hong Kong, targeting iOS and Android and, in the case of the latter, distributed specifically to appeal to people taking part in the Occupy Central protests.

Ironically enough, the iPhone 6 was only cleared for sale in China after the authorities forced Apple to fix three security "flaws" found in the device relating to background services.
