According to the Greatfire.org website, scant days after Apple iPhones went on sale in China the Chinese government has launched a man-in-the-middle attack designed to intercept user’s iCloud account usernames and passwords.
Greatfire asserts that the Chinese government has set up a fake login site that looks exactly like the Apple iCloud login site (without the digital certificates). If users ignore the security warning and click through to the fake Apple site and enter their username and password, this information has now been compromised by the Chinese authorities.
The article on the Greatfire site states, "This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc."
The Website has documented other attacks by the Chinese government targeting Google, Yahoo, Github and others and speculates that these latest attempts to hijack user’s iCloud accounts is related to the recent protests in Hong Kong.
It’s also quite likely that, like the US police and government agencies, they are nervous about Apple (and Google’s) recent implementation of encryption by default on their devices. Neither the US nor Chinese authorities want people running around willy-nilly gathering, storing or – gasp – sharing information with other people that hasn’t been sanctioned and/or sanitised for the good of the people.
It’s also a sign that it doesn’t really matter how chummy you think you might be with the Chinese powers that be, they will probably never trust anything you do or say.
As the Greatfire article says:
No doubt there will be a denial (or no comment at all) from the Chinese government. In fact it will probably accuse Apple of cooking up the whole story and threaten to halt shipments of iPhones unless Apple passes more profits to a few choice politicians.