Chinese authorities have tried to gain access to the users’ credentials held on Apple Inc’s iCloud storage and backup service, according to GreatFire, an independent Chinese censorship watchdog. With that information, a hacker can extract data such as user’s contacts, photos, messages and personal information stored in the cloud.
GreatFire.org reported earlier this week that all Chinese users who attempted to access Apple’s iCloud online data storage service were directed to a fake log-in site meant to look exactly like an Apple log-in page. Users who visited the site using Google Chrome or Firefox browsers were warned about the site’s unreliability but Qihoo, the most popular Chinese Web browser, offered no such warnings, GreatFire explained. Apple warns users to never enter their iCloud password if they see warnings about invalid digital certificates when visiting www.iCloud.com.
Known as a man-in-the-middle attack, the hack tricks users into believing that they are talking over an encrypted connection. The attack cited by GreatFire comes just as the iPhone 6 was released in China after a delay over the government’s security firms.
GreatFire said that Chinese authorities were involved in similar attacks on GitHub, Google, Yahoo and Microsoft. Chinese hackers have also been targeting large media house like The New York Times, Bloomberg and The Wall Street Journal, with the publications claiming that such attacks had the support of the Chinese government.