China got its first official shipments of new iPhones last
week, but a new report from web censorship watchdog
Great Fire indicates Chinese users may be facing an
unpleasant surprise when they try to connect to Apple
services at large. As of last night, the Chinese firewall is
blocking all local connections to iCloud.com, redirecting
those connections to a dummy site designed to look
exactly like Apple's login page. If you're using Firefox or
Chrome, you'll land on a warning page like the one
above, but if you're using the Chinese Qihoo browser,
the most popular browser in China, you'll be routed
straight to the dummy site with no indication that it's
not being run by Apple. A similar attack is also being
leveled against Microsoft's Login.live.com
INSTEAD OF ICLOUD, USERS WERE DIRECTED TO A
DUMMY SITE
Because the attack is taking place at the level of the
Great Firewall, it seems likely that this is an attack by
Chinese authorities meant to harvest usernames and
passwords. If a user logged into the dummy site, it
would give the attackers complete access to the user's
iCloud account, including any photos or text messages
stored in the cloud. Apple also recently added default
disk encryption to iOS, a feature that drew disapproval
from the FBI and other law enforcement agencies,
leading many to speculate that this attack might be a
strike back against the company's new security efforts.
It's still possible for users to circumvent the attack and
get through to the real iCloud site unscathed. The attack
only targeted one of iCloud's many IP addresses, so
anyone routed to a different IP should reach the real
site. A VPN service can also be used to redirect users to
iCloud, provided the VPN service is not also blocked by
the Great Firewall. It's the first time China has directly
attacked an Apple service, but Great Fire also notes that
Apple has complied with the country's surveillance
requests in the past. "Apple has a long history of
working with the Chinese authorities to self-censor
content in China," Great Fire said in a statement. "While
we worry for Chinese users who may have their accounts
compromised, we are shedding no tears for the Apple
executives."
Via : The Verge
No comments:
Post a Comment