IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Bogus iCloud log-in page fools Chinese Apple users

Probably not looking for nude celebs this time

Chinese hackers have launched a man-in-the-middle attack designed to intercept the usernames and passwords of Apple's iCloud users. 

According to reports from anti-censorship organisation Greatfire, the hack coincides with the launch of the Apple iPhone 6 and 6 Plus in the country.

The organisation said Chinese users that try to log into iCloud using the IP address 23.59.94.46 will see a fake login site identical to the real Apple iCloud login page. However, alarm bells should ring as the fake site throws up a few security warnings.

Users with browsers such as Chrome or Firefox should detect fake security certificates, however many in the country prefer to use home-grown browsers that do not flag these certificates as bogus. Greatfire said Qihoo's popular Chinese 360 secure browser is "anything but and will load the MITMed page directly."

If users ignore the warnings, their details will get passed onto eavesdroppers, it is claimed.

"This is clearly a malicious attack on Apple in an effort to gain access to user names and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc," said Greatfire in the blog post.

"Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone."

The censorship watchdog said authorities had also mounted attacks on Google, Yahoo, Github and others. It said the latest attack may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.

Greatfire also said the attack could be related to the increased security of the new iPhone. Better encryption on the iPhone designed to keep out the NSA would also prevent Chinese authorities snooping on Apple's users.

The censorship watchdog said this latest episode should "provide a clear warning signal to foreign companies that work with the Chinese authorities on their censorship agenda".

"Working with the authorities to help them prevent free access to news and information is not a guaranteed path to riches in China. If anything, cooperation with the Chinese authorities can now increasingly be labelled as the worst decision a foreign company can make."

Greatfire urged users to access the internet using a VPN and enable two-factor authentication on their iCloud accounts.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Apple cuts ties with Jony Ive after 30 years
Hardware

Apple cuts ties with Jony Ive after 30 years

13 Jul 2022
Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more

23 Jun 2022
Apple faces a catch-22 decision with iPhones and USB-C
Policy & legislation

Apple faces a catch-22 decision with iPhones and USB-C

8 Jun 2022
Apple overhauls SwiftUI navigation and brings a score of new features to developers at WWDC 2022
software development

Apple overhauls SwiftUI navigation and brings a score of new features to developers at WWDC 2022

7 Jun 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022