Monday, October 27, 2014

Chinese Hackers Defy Apple's New Security

Attack on iCloud may threaten Hong Kong protesters as Apple boosts iPhone security.

Students check their laptops and smartphones during a rally of pro-democracy demonstrators in Hong Kong on October 10, 2014.
China's hack of the Apple iCloud could be attempt to suppress or obtain data from the Hong Kong protest, onlookers say.

By 
Looking to keep a step ahead of Apple’s efforts to avoid government surveillance, and perhaps spy on pro-democracy protesters in Hong Kong, China has staged a cyberattack against its citizens who use iCloud. The attack attempts to trick those customers into giving up their login information and expose online data to the secret police.
In what's called a "man in the middle atttack," the scheme asks users to share their logins and passwords on a fake website before redirecting them to the real server. The research group GreatFire.org, which tracks China’s billion-dollar online censorship and hacking operations -- including similar incidents with Google users -- first reported the attack Monday.
“This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc,” the group said in its blog post.
In response, Apple posted a security warning on its homepage, which explains that its browsers are not infected with spyware and gives users directions on how to avoid the trick in both English and Chinese.
“We’re aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” the company said in the blog post. "These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser."
The attack comes at a time when tens of thousands of Hong Kong citizens have taken to the streets,seeking greater autonomy from the mainland Chinese government. The hack could help Chinese authorities gain access to photos and data stored on iCloud related to the Hong Kong protests. The timing of the hack could be related, but it could also be linked to the recent release of Apple’s new iPhone 6 and iPhone 6 Plus, says Madeline Earp, a research analyst at the Freedom House, which advocates for internet freedom and privacy..
“There’s no question that people in Hong Kong who are using digital tools to mobilize demonstrations should be aware of the possibility that those tools will contain security vulnerabilities,” Earp says.
China may have felt pressure to stage this hack since Apple recently added new security measures to its latest phones, designed to limit government and law enforcement surveillance of users. Apple CEO Tim Cook announced in September that his company will not hold the encryption keys for the new iOS 8 system, making it impossible for the tech giant to access data stored on Apple devices for authorities like the National Security Agency or the Chinese government.
The iCloud attack coincides with a delay in the launch of the iPhone 6 series, which China’s government postponed until Oct. 17. This is unusual since China began selling the iPhone 5S during its global launch date on Sept. 20, 2013. It is unclear whether China’s government delayed the iPhone sales in order to engineer the cyber-attack, says James Lewis, a cybersecurity researcher at the Center for Strategic and International Studies think tank.
Americans who correspond with people in China over the internet are already at risk of government eavesdropping, so the middle-man attack is a way for China’s government to escalate its spying as companies improve their security, says Lewis, also a former State Department diplomat.
“The Chinese are probably worried since a lot of companies including Apple are trying to use more encryption,” he says.
After the U,S, and Europe, China is Apple’s third biggest market; that nation’s 618 million Internet users represent only 45.8 percent of its population, making it a huge growth opportunity for the tech giant. It's a complicated goal for tech companies, however, because the Obama administration has accused China of sponsoring hackers to steal trade secrets from U.S. businesses, and because of the ethical concerns of doing business in a country with a vast government-sponsored censorship campaign. 
http://www.usnews.com/

No comments:

Post a Comment