China Rages a Massive Privacy Attack on iCloud
Just when Apple fans were setting up their new iPhones, they discovered that they are being misled to an identical looking page. Web censorship watchdog Great Fire is reporting that the Chinese authorities are staging a man-in-the-middle (MITM) attack on Apple’s iCloud. The attacks coincide with the new iPhone launch, thereby giving the authorities’ access to a massive number of passwords of people setting up their new phones.
According to Wikipedia, a MITM attack is a form of active eavesdropping. The attacker makes independent connections with the victims and relays messages between them. It makes them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.
When a person tries to log into their iCloud, they are instead redirected to an identical looking page. When using a Firefox or Chrome browser, there is a warning that you are not on the authentic website, but when using China’s most popular browser, Qihoo there is no warning. Microsoft’s Live.com, Github, Google and Yahoo have also faced such attacks in the recent past.
It is being said that this is a massive effort from the Chinese authorities to fish out usernames and passwords from a huge population. Doing so will give them access to all the data including personal documents, pictures and videos stored on the cloud. For folks who set automatic syncing to the cloud for their entire data, this news might be troublesome.
It’s being said that the recent addition of encryption system might have attracted this unfriendly attention from the Chinese authorities. The system faced disapproval from security institutions like the FBI.
China is infamous for censoring the internet using its giant firewall, known as Golden Shield Project or better known as the Great Firewall of China. But fishing out user information is a recent phenomenon which by the looks of it is gaining steam. There are few ways you can circumvent the impositions. The user can use a VPN service to access their real accounts just make sure that the VPN service is also not blocked by the country’s firewall.
Internet freedom are considered a part of human rights and right to privacy is one of the cornerstones of a civilized society. But this recent surge of privacy theft should concern all.
Here’s a TED talk by Glenn Greenwald who explains why privacy is such an essential element for our society: