Posted on 10/20/2014 7:36:36 PM PDT by Citizen Zed
Apple Inc's iCloud storage and backup service in China was attacked by hackers trying to steal user credentials, a Chinese web monitoring group said, adding that it believes the country's government is behind the campaign.
Using a method called a "man-in-the-middle" (MITM) attack, unknown hackers interposed their own website between users and Apple's iCloud server, intercepting data and potentially gaining access to passwords, iMessages, photos and contacts, Greatfire.org wrote in its blog post.
Greatfire.org, a group that conducts research on Chinese Internet censorship, alleged government involvement in the attack, saying it resembled previous attacks on Google Inc, Yahoo Inc and Microsoft Corp's Hotmail.
Two independent security experts contacted by Reuters said Greatfire's report appeared credible.
"All the evidence I've seen would support that this is a real attack," said Mikko Hypponnen, chief research officer at security software developer F-Secure. "The Chinese government is directly attacking Chinese users of Apple's products."
The attack comes several weeks after Apple said it would begin storing iCloud data for Chinese users on China Telecom servers. It also coincided with the start of iPhone 6 sales in China, which began Friday after weeks of talks between China and Apple over what the government said were cyber security concerns.
Greatfire.org said the attack most likely could not have been staged without the knowledge of Internet providers like China Telecom, given they appeared to originate from "deep within the Chinese domestic Internet backbone".
(Excerpt) Read more at uk.news.yahoo.com ...
Well whoda thunk?
“The Communist Party and the NSA should just yield to some world body to spy on citizens globally and more efficiently. You know, to reduce carbon emissions.”
LOL! https://www.youtube.com/watch?v=AX8I0-VLYbQ
Note, the devices DO NOT SEND UNENCRYPTED DATA, so parts of this do not ring true. It sounds more like phishing.
China did insist that Apple could NOT use their own servers but was required to use Chinese servers instead. Apple agreed, but insisted in maintaining the server level encryption with keys kept off shore. So, any data intercepts would be encrypted by the devices to 256 bits, using the users' ID passcodes entangled with hashes created by the device using the unique device UUIDs. It IS possible for a Man-in-the-Middle-Attack to spoof someone into entering their username and password. . . but Apple devices always required certificated connections to secure sites before that can be done. . . and those are pretty damn secure.
If you want on or off the Mac Ping List, Freepmail me.
Impossible. Apple and all things Apple are omnipotent
38:43 for that kind of post to appear. You are really slipping.
Took you that long to absorb the article?
ChiComs hacked Apple internet storage? SF’s secrets will all be exposed soon............
Did you forget the /sarc?
No long-time users have ever claimed that Apple is omnipotent - it just has a solid track record of doing a better job than the others out there for most of us “folk”, who do not care to be IT gurus, or pay them to keep us up and running.
I have had very few problems with Apple products over the years, and have no plans to switch, no matter what you haters of all things Apple try to throw up in the air- it is all just gorilla dust to me.
If the day comes that someone does a better job at providing a better computer experience, I will be there in a flash. But, there is nothing better out there for the average user, whether he/she be a family or running a small business.
Obviously, those of you who love to tinker, build your own from scratch, spend hours trouble-shooting, and then brag about your geek-like arcane expertise at the local watering hole will always feel ever so superior to those of us who just want to get the job done, without all the hassle and drain on our pocket books.
There will come a time when the only “safe” thing to do will put your unique number right on YOU ... And I bet they already have the system in place
Dear Apple Fan-boi Cyman,
We have the unhappy duty to inform you that your blind devotion to Apple is, in this instance, misplaced.
Unfortunately, Apple is not, in fact, "omnipotent", as that designation applies accurately only to Almighty God.
Nor, unfortunately, are "all things Apple" omnipotent. Inanimate objects cannot be "all-powerful". Only God is all-powerful.
So it is with a heavy heart that we must inform you that you are operating under a fan-boi delusion.
This condition can, fortunately, be cured, with the application of our new product, "iReality". Please proceed to the Apple Store and get some.
May the Farce be with you.
More naked celebs photos to be released....
There I draw the line. As long as that number is in my memory, I am OK with it. . . but on me, in me? NO WAY!
Good One. Wish I had written it.
This is all the more reason for user of Apple to set up Two-Factor ID for using iCloud. If a user has that set up, there is no way any of this could possibly work.
It depends on how much storage they had on iCloud. If they only had 5G of storage and wanted to restore 32G of stuff on an iPhone, they aren't going to be able to do that. They should backup their iPhone to their computer. . . then when they get a new device, restore from that.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.