China launches “Great Firewall” attack against iCloud
According to a report by web censorship watchdog Great Fire, China's infamous state firewall is performing a MITM (Man-in-the-Middle) attack against users of Apple's Cloud-based services. It is suspected the attack has been launched in response to Apple's new default encryption methods.
It is possible to circumvent the fake site using a VPN, or one of iCloud's many other IP addresses.
Since iOS 8, authorities can no longer bypass on-device encryption to gain access. The convenient timing of this attack is arising suspicion that the State-run firewall is attempting to steal as many of iCloud users’ details in order to provide complete access to their accounts; including any photos or text messages stored in the cloud.
Heading to iCloud.com using China's most popular web browser, Qihoo, will redirect the user without warning to a dummy-site which imitates Apple's site. However, using a browser such as Firefox or Chrome will display a warning message such as below:
It is possible to circumvent the fake site using a VPN, or one of iCloud's many other IP addresses. It is not recommended to enter details on iCloud.com if visiting from China, and you can help reduce the risk through use of one of the browsers mentioned earlier.
Authorities everywhere are concerned about the new lack of access to mobile devices which has - on several occasions - helped with serious prosecutions and/or implementing preventive measures.
FBI Director James Comey told reporters: "I like and believe very much that we should have to obtain a warrant from an independent judge to be able to take the content of anyone's closet or their smart phone,"
He continues: "The notion that someone would market a closet that could never be opened — even if it involves a case involving a child kidnapper and a court order — to me does not make any sense."
Of course the argument against compromisable mobile devices is the lack of legal process which is often used. NSA whistleblower, Edward Snowden, unleashed a barrage of damning revelations about the agency's PRISM program which had unparalleled access to mobile devices and was even reported to have backdoors in some of the biggest technology companies services - including Apple's.
What do you think about Apple's new security and China's alleged MITM attack? Let us know in the comments.
- » Organisations struggling with sensitive cloud data as they shun security-first approach
- » Moving from DevOps to modern ops: Why there is no room for silos when it comes to cloud security
- » Three reasons why killing passwords will improve your cloud security
- » Eradicate human error and make your cloud implementation a picnic
- » Puppet’s 2019 State of DevOps report: How security needs to fit into continuous delivery