China denies involvement in “man-in-the-middle” iCloud hack

China has denied having anything to do with alleged “man-in-the-middle” eavesdropping attacks on people who access their iCloud accounts in the country, with the BBC quoting a spokeswoman as saying the Chinese government is “resolutely opposed” to hacking. (You in the back, stop laughing.)

Man-in-the-middle (MITM) attacks involve attackers inserting themselves into communications between two parties, fooling those parties into thinking they’re communicating with each other when the attacker is really sitting in the middle, relaying the messages while also spying on them. Hackers can often stage MITM attacks if the victim is using public Wi-Fi, for example, but government agents can deploy such tactics more widely by tapping into core internet infrastructure.

The iCloud attack was revealed on Monday by GreatFire.org, a monitor of online censorship and surveillance in China. The organization claimed this MITM attack, through which the authorities could harvest iCloud usernames and passwords and therefore the information stored in iCloud accounts, was nationwide and timed to coincide with the launch of the iPhone 6.

GreatFire.org posted evidence of the Apple attack, including details of the self-signed certificate used to perpetrate it – such certificates would set off alarms in most browsers, so victims would usually have to click through a warning to get stung. Swedish security researchers at Netresec said the information showed the fake iCloud SSL server used in the attack was only six router hops away from the victim’s browser.

“This indicates that the MITM attack is being performed within China, since we’d expect to see at least three more router hops if the packets were coming from outside China,” Netresec claimed, adding that TCP traceroutes indicated the attacks “are being performed on backbone networks belonging to China Telecom (CHINANET) as well as China Unicom.”
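The hop-count reasoning Netresec describes rests on a simple property of IP: every router on the path decrements the packet's TTL by one, and operating systems start from a small set of well-known initial values, so the TTL a packet arrives with leaks roughly how far away its sender is. The following is an added illustration of that inference, written for this post and not code from GreatFire.org, Netresec or Apple; the addresses and TTL values are constructed sample data (RFC 5737 documentation ranges), and the nine-hop baseline is an assumed figure, not one taken from the attack.

```python
"""
Infer how many router hops away a packet's sender is from its remaining TTL,
and flag a server that suddenly appears far closer than it should be.

Added example; the sample observations below are constructed, not captured.
"""
from __future__ import annotations

from dataclasses import dataclass

# Initial TTL values used by common operating systems and network gear.
COMMON_INITIAL_TTLS = (64, 128, 255)


@dataclass(frozen=True)
class Observation:
    """One observed packet: its source address and the TTL as received."""
    src: str
    ttl: int


def infer_hops(observed_ttl: int) -> tuple[int, int]:
    """
    Return (initial_ttl, hops) for an observed TTL.

    Heuristic: assume the smallest common initial TTL that is >= the observed
    value, then the hop count is the difference. A TTL of 58 is read as
    64 - 6 rather than 128 - 70, which is the usual interpretation because
    70-hop internet paths are rare.
    """
    if not 0 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


def suspicious_proximity(observations: list[Observation],
                         expected_min_hops: int) -> list[tuple[str, int, int]]:
    """
    Return (src, initial_ttl, hops) for every source whose inferred distance
    is shorter than expected_min_hops.

    expected_min_hops is the fewest hops at which the genuine server has ever
    been seen (an assumed baseline here). A host answering for that server
    from a much shorter path is the kind of anomaly Netresec pointed to.
    """
    flagged = []
    for obs in observations:
        initial, hops = infer_hops(obs.ttl)
        if hops < expected_min_hops:
            flagged.append((obs.src, initial, hops))
    return flagged


# Constructed sample data: two packets from a distant server (~17-18 hops)
# and one from a nearby host answering with a much higher remaining TTL.
SAMPLE = [
    Observation("203.0.113.10", 47),
    Observation("203.0.113.10", 46),
    Observation("198.51.100.7", 58),
]

if __name__ == "__main__":
    for src, initial, hops in suspicious_proximity(SAMPLE, expected_min_hops=9):
        print(f"{src}: initial TTL {initial}, only {hops} hops away")
```

The TTL reading is a heuristic, not proof: a sender may use an unusual initial TTL, and a middlebox can rewrite the field. That is why the Netresec analysis corroborated the TTL-derived distance with TCP traceroutes before attributing the path to specific backbone networks; a defender comparing a server's apparent distance against a historical baseline should do the same.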

According to Tuesday’s BBC report, state-owned China Telecom also denied having anything to do with the MITM attacks, claiming such accusations were “untrue and unfounded.”

The Chinese government is, of course, not at all “resolutely opposed” to hacking, and neither is any other major country with something to gain from it. The Middle Kingdom is currently embroiled in a major spat with the Americans, which began when the U.S. charged several Chinese army officials with hacking U.S. businesses. The argument has occasionally threatened to harm Apple’s interests in the country, but nothing has come of it yet.

Apple recently started storing customer data on China Telecom servers, but said the data was encrypted and not accessible by the telco.

One Response to “China denies involvement in “man-in-the-middle” iCloud hack”

  1. It was an attack on people using the web, not an attack (and certainly not a “hack”) on Apple or iCloud. Apple’s webpage even warned people it was a bogus page before they entered it anyway.

    Apple tried, but one can’t always save the stupid from themselves.