China-backed hackers may have infiltrated Apple's iCloud

Yahoo / Reuters ^ | 10-21-2014

[Citizen Zed]

Apple Inc's iCloud storage and backup service in China was attacked by hackers trying to steal user credentials, a Chinese web monitoring group said, adding that it believes the country's government is behind the campaign.

Using a method called a "man-in-the-middle" (MITM) attack, unknown hackers interposed their own website between users and Apple's iCloud server, intercepting data and potentially gaining access to passwords, iMessages, photos and contacts, Greatfire.org wrote in its blog post.

Greatfire.org, a group that conducts research on Chinese Internet censorship, alleged government involvement in the attack, saying it resembled previous attacks on Google Inc, Yahoo Inc and Microsoft Corp's Hotmail.

Two independent security experts contacted by Reuters said Greatfire's report appeared credible.

"All the evidence I've seen would support that this is a real attack," said Mikko Hypponnen, chief research officer at security software developer F-Secure. "The Chinese government is directly attacking Chinese users of Apple's products."

The attack comes several weeks after Apple said it would begin storing iCloud data for Chinese users on China Telecom servers. It also coincided with the start of iPhone 6 sales in China, which began Friday after weeks of talks between China and Apple over what the government said were cyber security concerns.

Greatfire.org said the attack most likely could not have been staged without the knowledge of Internet providers like China Telecom, given they appeared to originate from "deep within the Chinese domestic Internet backbone".

[Citizen Zed]

The Communist Party and the NSA should just yield to some world body to spy on citizens globally and more efficiently. You know, to reduce carbon emissions.

[SkyDancer]

Well whoda thunk?

[PGalt]

“The Communist Party and the NSA should just yield to some world body to spy on citizens globally and more efficiently. You know, to reduce carbon emissions.”

LOL! https://www.youtube.com/watch?v=AX8I0-VLYbQ

[Swordmaker]

A claim that a Man in the Middle Attack has intercepted data heading to China Apple's iCloud. PING!

Note, the devices DO NOT SEND UNENCRYPTED DATA, so parts of this do not ring true. It sounds more like phishing.

China did insist that Apple could NOT use their own servers but was required to use Chinese servers instead. Apple agreed, but insisted in maintaining the server level encryption with keys kept off shore. So, any data intercepts would be encrypted by the devices to 256 bits, using the users' ID passcodes entangled with hashes created by the device using the unique device UUIDs. It IS possible for a Man-in-the-Middle-Attack to spoof someone into entering their username and password. . . but Apple devices always required certificated connections to secure sites before that can be done. . . and those are pretty damn secure.

Apple China iCloud Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Cyman]

Impossible. Apple and all things Apple are omnipotent

[rlmorel]

38:43 for that kind of post to appear. You are really slipping.

[rlmorel]

Took you that long to absorb the article?

[doorgunner69]

ChiComs hacked Apple internet storage? SF’s secrets will all be exposed soon............

[jacquej]

Did you forget the /sarc?

No long-time users have ever claimed that Apple is omnipotent - it just has a solid track record of doing a better job than the others out there for most of us “folk”, who do not care to be IT gurus, or pay them to keep us up and running.

I have had very few problems with Apple products over the years, and have no plans to switch, no matter what you haters of all things Apple try to throw up in the air- it is all just gorilla dust to me.

If the day comes that someone does a better job at providing a better computer experience, I will be there in a flash. But, there is nothing better out there for the average user, whether he/she be a family or running a small business.

Obviously, those of you who love to tinker, build your own from scratch, spend hours trouble-shooting, and then brag about your geek-like arcane expertise at the local watering hole will always feel ever so superior to those of us who just want to get the job done, without all the hassle and drain on our pocket books.

[nevermorelenore]

There will come a time when the only “safe” thing to do will put your unique number right on YOU ... And I bet they already have the system in place

[dayglored]

> Impossible. Apple and all things Apple are omnipotent

Dear Apple Fan-boi Cyman,

We have the unhappy duty to inform you that your blind devotion to Apple is, in this instance, misplaced.

Unfortunately, Apple is not, in fact, "omnipotent", as that designation applies accurately only to Almighty God.

Nor, unfortunately, are "all things Apple" omnipotent. Inanimate objects cannot be "all-powerful". Only God is all-powerful.

So it is with a heavy heart that we must inform you that you are operating under a fan-boi delusion.

This condition can, fortunately, be cured, with the application of our new product, "iReality". Please proceed to the Apple Store and get some.

May the Farce be with you.

[minnesota_bound]

More naked celebs photos to be released....

[Swordmaker]

There will come a time when the only “safe” thing to do will put your unique number right on YOU ... And I bet they already have the system in place

There I draw the line. As long as that number is in my memory, I am OK with it. . . but on me, in me? NO WAY!

[Swordmaker]

Good One. Wish I had written it.

[Swordmaker]

This is all the more reason for user of Apple to set up Two-Factor ID for using iCloud. If a user has that set up, there is no way any of this could possibly work.

[Citizen Zed]

"This is all the more reason for users of Apple to set up Two-Factor ID for using iCloud. "

I've heard complaint's from Apple users that they could not restore their iCloud when they bought a new device so there is a false assumption about Apple ease of use, at least.

[Swordmaker]

I've heard complaint's from Apple users that they could not restore their iCloud when they bought a new device so there is a false assumption about Apple ease of use, at least.

It depends on how much storage they had on iCloud. If they only had 5G of storage and wanted to restore 32G of stuff on an iPhone, they aren't going to be able to do that. They should backup their iPhone to their computer. . . then when they get a new device, restore from that.

[House Atreides]

“Impossible. Apple and all things Apple are omnipotent”
****************************************************************************************************
Like moths drawn irresistibly to the light, Apple haters are drawn to Apple threads where they feel compelled to make derogatory or sarcastic comments. They apparently can't help themselves and the attraction they feel toward Apple, an attraction they struggle to counter with their negative postings. There must be a name for this psychiatric condition and for the people who suffer from it.