iCloud's man-in-the-middle is from China -- and might work for the gub'mint

iCloud: The PRC's stamp of approval?

iCloud hacked by Chinese

Certain folks in China may be used to hearing someone breathing when they pick up their phones (party line?), but new reports suggest Apple's iCloud service is susceptible to the same level of protection by Chinese authorities. It's all true, according to China's censorship watchdog group GreatFire.

Apple meanwhile, has posted instructions to help users determine if their iCloud service has been hacked by unnamed parties.

In IT Blogwatch, bloggers see faces in the clouds.

Filling in for our humble blogwatcher Richi Jennings, is a humbler Stephen Glasskeys.

The techie skinny on the alleged hack, courtesy Darlene Storm:

The iPhone 6 launched in China [recently and its] new encryption capabilities may be behind Chinese authorities launching a man-in-the-middle attack on Apple’s iCloud.

This is not a small-scale targeted attack...but a huge-scale attack implemented on the level of the Great Firewall of China.  MORE

Michael Kan is the man (in the middle):

The man-in-the-middle attack on iCloud...was just one of several in China that have targeted U.S. websites. Starting late last month, visits to Yahoo's site from [China] were also...returning invalid digital certificates.  MORE

Apple 'splains how to check if iCloud is hacked:

Users should never enter their Apple ID or password into a website that presents a certificate warning. To verify [connections to] the authentic iCloud website, users can check the...digital certificate as shown...for Safari, Chrome, and Firefox.  MORE

Straight from the horse's mouthpiece:

"I have no information of this report yet," Chinese Foreign Ministry spokeswoman Hua Chunying said at a daily news briefing.

"China is resolutely opposed to hacker attacks in all forms and China itself is a major victim of cyber attacks," she said.   MORE

Paul Mozur, Nicole Perlroth and Brian X. Chen show us similarities between China and the U.S.:

"You think you are getting information directly from Apple, but in fact the [Chinese] authorities are...snooping on it the whole way," said a spokesman for... censorship-monitoring website, GreatFire.

Apple...said...iOS 8 included protections that made it impossible...to comply with government warrants asking for customer information.

The change prompted FBI director, James B. Comey, to [state] "Sophisticated criminals will come to count on [encryption] as means of evading detection."   MORE

Then, Tim Culpan points out five differences:

In May, U.S. prosecutors announced the indictments of five Chinese military officers for allegedly hacking into the computers of American companies, escalating tensions between the countries about cyber-security.  MORE

Meanwhile, Brian S Hall consults the I Ching:

Prediction: if Apple refuses to continue supporting Chinese govt demands re iPhone encryption, China govt hackers expose iTunes cc data.  MORE


You have been reading IT Blogwatch by Richi Jennings and Stephen Glasskeys, who curate the best bloggy bits, finest forums, and weirdest websitesÖ so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or itbw@richi.uk. Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.

Copyright © 2014 IDG Communications, Inc.

Shop Tech Products at Amazon