Reports out of China claim that hackers, backed by the government, may have stolen log-in credentials to access private data of thousands of Apple iCloud users.
GreatFire.org, a reputed non-profit agency that monitors Internet censorship in China revealed that the Apple iCloud users are at the risk of being monitored by the Chinese government.
The report noted that the state-sponsored hackers have launched a nation-wide 'Man in the Middle' (MITM) campaign against users of Apple's iCloud service, designed to steal users' log-in credentials and access private data.
Co-founder of GreatFire.org Charlie Smith wrote in the blog that the iCloud leak came via an MITM attack, in which users are tricked into thinking they are accessing iCloud while in reality, they are divulging their information to the hackers.
The report in The Hacker News stated that the iCloud was first targeted by malicious attacks on on Saturday to coincide with the Apple's official of iPhone 6 and 6 Plus on the Chinese mainland.
According to GreatFire.org, the hackers wanted to assist the Chinese government to bypass the enhanced security features of the latest iPhone devices by compromising their iCloud usernames and passwords. And this in return will give the Chinese authorities full cloud-stored content such as phone back-ups and other personal data.
Though Apple is yet to issue a comment regarding the report, a well-known security engineer, Mikko Hypponnen, chief research officer at security firm F-Secure, has confirmed to Reuters that it is real cyber attack funded by Chinese government.
"All the evidence I've seen would support that this is a real attack. The Chinese government is directly attacking Chinese users of Apple's products. As always, we recommend using the Internet over a trusted virtual private network," Hypponnen said.
Earlier last month iCloud was in centre of a major controversy after thousands of nude images of Hollywood celebrities were leaked online by hackers. The celebrity nude leak, dubbed as the Fappening had targeted several celebrities such as Jennifer Lawrence, Kim Kardashian and others.
How to Protect Yourself from iCloud leak?
Apple users in China should visit iCloud.com only using competent browsers such as Chrome and Firefox that can easily detect inappropriate certificate and flag any MITM attempts.
Similarly, using a VPN would also help get around the problem. "If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities. Many Apple customers use iCloud to store their personal information, including iMessages, photos, and contacts," GreatFire.org said in a blog post.
Apple users are also advised to turn on the two-step authentication on their iDevices, as it will also prevent the hijacking of the already compromised accounts.
Reports indicate that the iCloud attack may have been backed by the government to quell the Hong Kong student protests. "This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland."
