Chinese authorities just launched “a malicious attack on Apple” that could capture user names and passwords of anyone who logs into the iCloud from anywhere in the country, the well-respected censorship watchdog GreatFire.org reports. With that information, a hacker can view users contacts, photos, messages and personal information stored in the cloud.
China has an estimated 100 million iPhone users in China, and all of them could be vulnerable, GreatFire reports, thanks to a “man in the middle” attack that tricks users into believing they are logging into a secure connection, when they are actually logging into a Chinese government-controlled site instead. “The attack point is the Chinese internet backbone, and that it is nationwide, which would lead us to be 100 percent sure that this is again the work of the Chinese authorities,” one of the GreatFire founders told the South China Morning Post.
The scale of the potential data breach is immense—and the timing is interesting for two reasons.
First, Chinese authorities have been strictly controlling informationabout Hong Kong’s Umbrella Movement on the mainland, by reporting about the protests without actually showing any protesters, and deleting messages and posts on the demonstrations on internet searches and the messaging services Weibo and WeChat. They’ve also been detaining mainland Chinese citizens believed to be sympathetic to the protesters. Keeping an eye on Apple users’ data could certainly help with both efforts.
Secondly, sales of the iPhone 6 just began Oct. 17 after several weeks delay in China, reportedly because of “resistance” from the Ministry of Industry and Information Technology after Apple added new security features. This summer, China said the “frequent locations” feature on Apple’s new operating system could reveal “state secrets.”