Users of the iCloud in China are the target of a “man in the middle” attack, most likely run by the Chinese state on connections passing into and out of the country, surveillance experts say.
The attack on the storage service began on Monday, the same day the iPhone 6 and 6 Plus were released in China for the first time. It intercepts data passed between the user and iCloud.com, Apple’s cloud computing service, by routing all communication between the two through a malicious third party.
Typically, iCloud.com employs the SSL Internet security protocol to establish a secure connection. To get around that, the Chinese attacker has used a self-signed certificate, which is enough to trick users of insecure browsers into thinking they have accessed the iCloud Web site through a secure connection.
“This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud, such as iMessages, photos and contacts,” the Chinese Internet freedom organization Great Fire wrote.
“If users ignored the security warning and clicked through to the Apple site, and entered their username and password, this information has now been compromised by the Chinese authorities,” it added.
The organization speculated that the attack “may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.”
SSL, or Secure Sockets Layer, the protocol used to secure iCloud, relies on certificates signed by one of a number of trusted authorities to verify that the site being connected to is not intercepted by an eavesdropper.
The attack made use of a self-signed certificate, which claims to be iCloud.com, but is not supported by a trusted third party. Most modern secure browsers will reject such certificates, but notably, 360 Secure Browser, a popular browser developed by Chinese firm Qihoo (奇虎), does not.
The “great firewall” is a notoriously imprecise censorship tool, frequently blocking sites on a piecemeal basis or allowing access for seemingly random periods of time, and the iCloud intercept is no different: The attack only occurs if users visit one particular IP address, meaning that it is possible to simply reload the site and try again.
As well as running a secure browser which will reject self-signed certificates, one way users can stay safe against attacks like this is by enabling two-step verification on their accounts. That will not stop any attacker seeing what the target looks at — the equivalent of browsing over their shoulder — but it does mean that if usernames and passwords are stolen, they cannot be used to gain access to the compromised account.
Apple declined to comment.
Among the rows of vibrators, rubber torsos and leather harnesses at a Chinese sex toys exhibition in Shanghai this weekend, the beginnings of an artificial intelligence (AI)-driven shift in the industry quietly pulsed. China manufactures about 70 percent of the world’s sex toys, most of it the “hardware” on display at the fair — whether that be technicolor tentacled dildos or hyper-realistic personalized silicone dolls. Yet smart toys have been rising in popularity for some time. Many major European and US brands already offer tech-enhanced products that can enable long-distance love, monitor well-being and even bring people one step closer to
Malaysia’s leader yesterday announced plans to build a massive semiconductor design park, aiming to boost the Southeast Asian nation’s role in the global chip industry. A prominent player in the semiconductor industry for decades, Malaysia accounts for an estimated 13 percent of global back-end manufacturing, according to German tech giant Bosch. Now it wants to go beyond production and emerge as a chip design powerhouse too, Malaysian Prime Minister Anwar Ibrahim said. “I am pleased to announce the largest IC (integrated circuit) Design Park in Southeast Asia, that will house world-class anchor tenants and collaborate with global companies such as Arm [Holdings PLC],”
Sales in the retail, and food and beverage sectors last month continued to rise, increasing 0.7 percent and 13.6 percent respectively from a year earlier, setting record highs for the month of March, the Ministry of Economic Affairs said yesterday. Sales in the wholesale sector also grew last month by 4.6 annually, mainly due to the business opportunities for emerging applications related to artificial intelligence (AI) and high-performance computing technologies, the ministry said in a report. The ministry forecast that retail, and food and beverage sales this month would retain their growth momentum as the former would benefit from Tomb Sweeping Day
TRANSFORMATION: Taiwan is now home to the largest Google hardware research and development center outside of the US, thanks to the nation’s economic policies President Tsai Ing-wen (蔡英文) yesterday attended an event marking the opening of Google’s second hardware research and development (R&D) office in Taiwan, which was held at New Taipei City’s Banciao District (板橋). This signals Taiwan’s transformation into the world’s largest Google hardware research and development center outside of the US, validating the nation’s economic policy in the past eight years, she said. The “five plus two” innovative industries policy, “six core strategic industries” initiative and infrastructure projects have grown the national industry and established resilient supply chains that withstood the COVID-19 pandemic, Tsai said. Taiwan has improved investment conditions of the domestic economy