Oct 20, 2014 · 2 minutes


China is allegedly executing man-in-the-middle attacks against citizens who attempt to visit Apple's iCloud and Microsoft's Live services, and gathering the log-in data associated with those accounts. All this according to a report from GreatFire, a group which monitors the Chinese government's censorship rules.

Such access would allow the government to view documents saved to iCloud, locate users with the popular "Find my iPhone" tool enabled, and compromise information saved to Microsoft's online services. It's unclear how many people have been affected by the attacks, which are said to be taking place throughout all of mainland China, or for how long they will last.

GreatFire believes that the attack was timed to coincide with the release of the new iPhones, which were announced in September but did not debut in China until October 17 -- supposedly because the Chinese government wanted to verify Apple's claims about the devices' security. At the time, I wrote that it was strange for the Chinese government to care so much about privacy:

So, to recap: a government known for wanting to control foreign companies as much as possible while also gathering information on its citizens is allowing a company thought to have been compromised by the NSA to sell its products in the country. All this, after being assured that there is no way for any government to get at that data, even though at least some of it will be stored on servers operated by a state-owned telecom company, without even so much as a hint of protest.

Now we may have our answer: It seems like the Chinese government wanted to ensure that other countries couldn't eavesdrop on its users even as it prepared to do that exact thing. How else could the attacks have started so soon after the new iPhones' launch date? And, perhaps more importantly, why else would the Chinese government have delayed the launch for so long?

GreatFire had the same thoughts I did, as it discussed in the blog post revealing the attacks:

This latest MITM attack may be related to the increased security aspects of Apple’s new iPhone. When details of the new iPhone were announced, we felt that perhaps the Chinese authorities would not allow the phone to be sold on the mainland. Ironically, Apple increased the encryption aspects on the phone allegedly to prevent snooping from the NSA. However, this increased encryption would also prevent the Chinese authorities from snooping on Apple user data. It is unclear if Apple made changes to the iPhones they are selling in mainland China. However, this MITM attack may indicate that there is at least some conflict between the Chinese authorities and Apple over some of the features on the new phone.

Such is the problem with increased security against government intrusion -- it's impossible to predict what these governments might do after they've had the chance to look at a product. That's why it's so dangerous to claim that any product is spy-proof: unless we have an up-to-the-day report on what intelligence agencies are capable of, we don't know what they can or can't attack.
