
Chinese government apparently phishing iCloud account info with man-in-the-middle attack (Update: Apple confirms)

 

Update: Apple is aware of the attack, via CNBC. As expected, Apple’s own servers were not compromised.

Although unconfirmed, GreatFire is reporting that Apple is now the subject of Chinese government hacking attempts. According to the report, the government is using the institutional firewall to redirect traffic directed at iCloud.com to a fake page that resembles the iCloud.com interface almost perfectly.

Like other phishing attacks, this page pretends to be Apple’s portal but instead intercepts the usernames and passwords entered into it for other purposes. Although some browsers in China are set up to warn users about this kind of man-in-the-middle attack, many don’t, and (presumably) many citizens disregard the warnings because the site otherwise appears quite genuine.

If true, the implications for Apple’s relations with China are huge. Apple and the Chinese government have seemed to have a friendly relationship in the past, so it is unclear why the government would want to ‘rock the boat’ with such an attack now. We’ll update if we hear more information or a comment from Apple on the situation.

More information about the attack, including technical logs and trace routes, can be found on the GreatFire website.


Comments

  1. Bruno Fernandes (@Linkb8) - 10 years ago

    As you’re not reporting on the actual hacking, but are instead reporting on a report, you should really not use a headline that purports to be factual. This is especially glaring since the very first words of your post are “although unconfirmed”

    This kind of writing would receive a failing mark in grade 7.

    More important than a failing mark for a blog however is loss of readership, and this is the kind of click baiting that will drive your followers away. I’m already on the fence myself.

    • Joshua Lewis - 10 years ago

      The headline specifically says “Chinese Government APPARENTLY phishing…”

      The definition of ‘Apparently’ is “as far as one knows or can see”

      It specifically states it’s not absolutely true in the title, get a dictionary out before you bash people.

      • Bruno Fernandes (@Linkb8) - 10 years ago

        Sorry, apparently does not cover what this story is reporting. There is no apparent evidence to the writer. You should probably revisit your consultation of the dictionary and look up the word Engadget more aptly used, “allegedly.”

        They are not the same thing. Not by a long shot.

      • eswinson - 10 years ago

        “Allegedly” or “reportedly” or blah, blah, blah “says website…”

  2. It’s absolutely a Fake… Why did u write a news with this amount of “fakeness”?

  3. Weston - 10 years ago

    I thought it was pretty much given that the Chinese government watched everything its citizens do. I would be more surprised if the headline was “Chinese Government doesn’t spy on citizens with iCloud accounts” or something to that effect.

  4. Liam Deckham - 10 years ago

    I perceive the mandate of 9to5Mac.com is to report on all rumors. I think that this story is valid, and, as a loyal reader, I commend, and thank, 9to5Mac.com for bringing this story to my attention. Keep up the great work!

  5. Leander Yu - 10 years ago

    This is real, I found this since yesterday. Although I can’t confirm that it’s the Chinese government behind this, connecting to iCloud did show me a warning that the SSL certification is incorrect.

  6. CC-Dog (@cc941201) - 10 years ago

    I’m in China, and this sounds exactly like what our government does. They’ve already done that to Google.

    First, pollute DNS to resolve domain to fake IP addresses for their servers, censor the content, then proxy to the real server. It’s not Apple’s fault, rather a vulnerability in fundamental Internet protocols.

  7. puri517 - 10 years ago

    Windows so ugly! Ha

  8. vmax - 10 years ago

    My friend in China did not see this happening when they checked.

  9. mpias3785 - 10 years ago

    The US government is probably taking notes.

  10. aquaibm (@aquaibm) - 10 years ago

    What a shame to 9to5mac reporting such an unidentified political rumor!

Author

Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.

