
Hackers Target Chinese Users Accessing Apple's iCloud

Apple advises users to watch for signs that their iCloud connection is being misdirected.

As Apple launched its iPhone 6 and iPhone 6 Plus in China, users have become the target of an attack aimed at stealing their user names and passwords and snooping on their activities.

A censorship watchdog, GreatFire, alleges that hackers staged a “man-in-the-middle” attack — essentially an electronic form of eavesdropping — to intercept a user’s login information when he or she attempted to access Apple’s iCloud online data storage service.

Apple said it was aware of the attacks, but said iCloud servers themselves have not been compromised.

Login information would give the hackers access to an individual’s private photos, contacts and messages stored on Apple’s iCloud servers. GreatFire points the finger at Chinese authorities, which have been accused in past attacks on Google and Yahoo. Beijing has issued statements in the past opposing cyber attacks.

“It would be a great tool for a nation state like China to track dissidents,” said Richard Stiennon, a security expert and chief research analyst at IT-Harvest.

A man-in-the-middle attack intercepts communications — in this case, between an iPhone and Apple’s secure iCloud servers, some of which have been moved to China to improve service. The hacker sits in the middle of this communication, Stiennon said, and redirects users to a third-party server used to pilfer user names and passwords.

Such an attack would be possible if the attacker controls the telecommunications networks, as is the case in China, Stiennon said.

An Apple spokesperson expressed concern about the attacks.

“We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” said spokesperson Trudy Muller. “These attacks don’t compromise iCloud servers, and they don’t impact iCloud sign-in on iOS devices or Macs running OS X Yosemite using the Safari browser.”

In response, Apple created a support document to help consumers recognize when a hacker is attempting to execute this kind of misdirection play. The telltale sign is the absence of a certificate that verifies that the site is secure: a warning message will appear, stating “Safari can’t verify the identity of the website.”

The Chinese censorship monitoring group speculated that the attacks may have come in response to Apple’s decision to bolster security on the new iPhones.

“This increased encryption would also prevent the Chinese authorities from snooping on Apple user data,” GreatFire wrote. “This [man-in-the-middle] attack may indicate that there is at least some conflict between the Chinese authorities and Apple over some of the features on the new phone.”

Apple’s enhanced encryption has also rankled U.S. law enforcement officials, who claim the tougher security and privacy measures make it harder to solve crimes or foil terrorists. FBI Director James Comey called on Apple and Google to reverse course.

This article originally appeared on
