iCloud's man-in-the-middle is from China -- and might work for the gub'mint

iCloud: The PRC's stamp of approval?

iCloud hacked by Chinese
Credit: Apple

Certain folks in China may be used to hearing someone breathing when they pick up their phones (party line?), but new reports suggest Apple's iCloud service is susceptible to the same level of protection by Chinese authorities. It's all true, according to China's censorship watchdog group GreatFire.

Apple meanwhile, has posted instructions to help users determine if their iCloud service has been hacked by unnamed parties.

In IT Blogwatch, bloggers see faces in the clouds.

Filling in for our humble blogwatcher Richi Jennings, is a humbler Stephen Glasskeys.


The techie skinny on the alleged hack, courtesy Darlene Storm:

The iPhone 6 launched in China [recently and its] new encryption capabilities may be behind Chinese authorities launching a man-in-the-middle attack on Apple’s iCloud.

This is not a small-scale targeted attack...but a huge-scale attack implemented on the level of the Great Firewall of China.  MORE


Michael Kan is the man (in the middle):

The man-in-the-middle attack on iCloud...was just one of several in China that have targeted U.S. websites. Starting late last month, visits to Yahoo's site from [China] were also...returning invalid digital certificates.  MORE


Apple 'splains how to check if iCloud is hacked:

Users should never enter their Apple ID or password into a website that presents a certificate warning. To verify [connections to] the authentic iCloud website, users can check the...digital certificate as shown...for Safari, Chrome, and Firefox.  MORE


Straight from the horse's mouthpiece:

"I have no information of this report yet," Chinese Foreign Ministry spokeswoman Hua Chunying said at a daily news briefing.

"China is resolutely opposed to hacker attacks in all forms and China itself is a major victim of cyber attacks," she said.   MORE


Paul Mozur, Nicole Perlroth and Brian X. Chen show us similarities between China and the U.S.:

"You think you are getting information directly from Apple, but in fact the [Chinese] authorities are...snooping on it the whole way," said a spokesman for... censorship-monitoring website, GreatFire.

Apple...said...iOS 8 included protections that made it impossible...to comply with government warrants asking for customer information.

The change prompted FBI director, James B. Comey, to [state] "Sophisticated criminals will come to count on [encryption] as means of evading detection."   MORE


Then, Tim Culpan points out five differences:

In May, U.S. prosecutors announced the indictments of five Chinese military officers for allegedly hacking into the computers of American companies, escalating tensions between the countries about cyber-security.  MORE


Meanwhile, Brian S Hall consults the I Ching:

Prediction: if Apple refuses to continue supporting Chinese govt demands re iPhone encryption, China govt hackers expose iTunes cc data.  MORE

 


You have been reading IT Blogwatch by and Stephen Glasskeys, who curate the best bloggy bits, finest forums, and weirdest websitesÖ so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

To express your thoughts on Computerworld content, visit Computerworld's Facebook page, LinkedIn page and Twitter stream.
From CIO: 8 Free Online Courses to Grow Your Tech Skills
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.