Hackers in China launched a massive attack on Apple’s iCloud storage service last Friday on the day that the iPhone 6 went on sale in the country, according to a report by cyber security and censorship blog GreatFire.org.
The attack would mean that anyone using the iCloud service in China would be in danger of having their username and password passed on to “the Chinese authorities” alongside their messages, photos, contact list and any other information on their iPhone.
The co-founder of GreatFire Charlie Smith wrote that the breach came via a “man-in-the-middle” attack in which users are tricked into thinking they are accessing a secure and official service (in this case iCloud) when they are actually divulging their information to the hackers.
“We know that the attack point is the Chinese internet backbone and that it is nationwide, which would lead us to be 100 per cent sure that this is again the work of the Chinese authorities,” Smith told the South China Morning Post. “Only Chinese [ISPs] and the government have access to the backbone.”
Apple has not issued any comment regarding the report but respected security engineer Mikko Hypponnen, chief research officer at security firm F-Secure, commented that: “All the evidence I've seen would support that this is a real attack. The Chinese government is directly attacking Chinese users of Apple's products.
“As always, we recommend using the Internet over a trusted virtual private network,” Hypponnen told Reuters.
The accusation of state-sponsored hacking of iCloud is the latest incident in a troubled history of cyber-relations between China and the West, with both sides accusing the other of launching officially mandated attacks while never acknowledging their own involvement.
The involvement of the Apple is notable however as it combines with China’s well established hostility to the company. State-run TV network CCTV has labelled the iPhone’s tracking capabilities a threat to national security while it’s been reported that the launch of the iPhone 6 in the country was delayed by “resistance” from the Ministry of Industry and Information Technology”.