To coincide with the newest iPhones hitting China’s market today, the Chinese government is staging a large-scale attack on Apple and its Chinese customers that could place iCloud usernames and passwords into government hands.
The attack uses a so-called “man-in-the-middle” trick, which, in this case, leads users to believe they are logging into iCloud.com when they have actually been redirected to a look-alike page created by Chinese authorities. If a user logs into the look-alike page, the government will know their iCloud username and password and can gain access to all information stored in iCloud, including photos, iMessages, contacts, emails, and more.
GreatFire, the censorship watchdog website which first reported this hack, calls this a “malicious attack on Apple” and warns: “This episode should provide a clear warning signal to foreign companies that work with the Chinese authorities on their censorship agenda. Working with the authorities to help them prevent free access to news and information is not a guaranteed path to riches in China.”
This latest attack follows on the heels of reported hacks against the Hong Kong Umbrella Movement protests. Malicious software has been used against the protesters in the streets (by mining their jailbroken iPhones), and social news sources that Chinese consumers rely on, like Weibo and WeChat, have reportedly been scrubbed of protest imagery.
“We expect that there will be more [‘man-in-the-middle’] attacks in the near future and that they will increase in severity,” GreatFire cofounder Charlie Smith told the South China Morning Post.