Monday, October 20, 2014

China allegedly using iCloud to secretly collect user data

Source: http://www.engadget.com/2014/10/20/china-icloud-data-attack/

Notorious for the constant surveilling and censorship of its people, the Chinese government appears to be at it again -- this time with Apple iOS users. According to a report from GreatFire.org, a website that focuses on privacy matters, China has secretly started collecting iCloud data through what's known as a "man-in-the-middle" intrusion; basically, the attacker eavesdrops by independently connecting to the user and making it seem as if it's a private connection, when, in fact, it isn't. Chinese Security expert Zhou Shuguang suggests that the network service providers are likely being told by the authorities to use fake trust certificates, making it rather easy for them to conduct these attacks.

The purported SSL attack on iCloud by China officials comes as Apple's iPhone 6 and iPhone 6 Plus have just been released in that country, where there's estimated to be upwards of 100 million people using an iPhone. At the same time, this issue is hot on the heels of Apple announcing it would begin storing personal data in servers in China, as it looked to improve cloud features like iMessage and others. Back then, Apple said all info would be encrypted, adding that data center providers were not going to "have access to the content." Still, it's unclear at the moment if that's related in any way.

We've reached out to Apple for comment on the matter and will update this story if we hear back.

Photos by Will Lipman.

Filed under: , , , ,

Comments

Via: Quartz

Source: GreatFire.org, Zhou Shuguang (Chinese)