Right on the heels of the iPhone 6 launch, Chinese authorities are now reportedly extending the Great Firewall to include iCloud services. That includes the iMessages, Contacts and Photos of any of its citizens that own an iPhone. In other words, China’s government could be tracking their every move.
This is scary but not altogether surprising. The man-in-the-middle attack that’s supposedly enabled Chinese authorities to scoop up users iCloud data without them knowing it is being reported by GreatFire.org, the same watchdog blog that broke the news about a similar attack on Yahoo and reported on man-in-the-middle attacks on Google and Github. So it’s safe to say that there’s a pattern of this kind of behaviour coming from the Chinese government. It’s also worth pointing out that the attack coincides with on-going democracy protests in Hong Kong, where many protestors online activity has been tracked.
Given how deeply iCloud is integrated into Apple devices, however, there is certainly cause for concern. Multiple users have reported iCloud.com being blocked from Firefox and Chrome browsers in China, while users of the popular Qihoo browser Chinese 360 are taken directly to dummy iCloud log-in that gives the man-in-the-middle attack direct access to their information. By its very nature, a man-in-the-middle attack then allows users to navigate the app normally without realising that malware is scooping up all of their data.
If you’re in China, the best way to avoid being implicated in this attack is by turning on two-step authentication. Heck, while you’re at it, turn on two-step authentication for everything — it’s time. Unfortunately, the attack makes it kind of difficult to access iCloud normally, so you’ll have to use a VPN to log in safely. Then again, who knows how safe anything you do on the internet in China is these days. [GreatFire.org]