GreatFire reports that the Chinese government is targeting iCloud users in China in an attempt to access their login information. The attack uses the man-in-the-middle (MITM) method to redirect users to a fake iCloud.com login page.
As in other phishing attacks, the page poses as Apple’s portal but intercepts the usernames and passwords entered on it for other purposes. Although some browsers in China are set up to warn users about these kinds of man-in-the-middle attacks, many are not, and (presumably) many citizens disregard the warnings because the site otherwise appears quite genuine.
While the attack has not been confirmed, any users fooled by the fake site would be exposing any information stored in iCloud to the attackers.
The alleged attack comes hot on the heels of Apple’s launch of the new iPhone 6 and iPhone 6 Plus in China. The government may be reacting to the increased encryption and new security options available to users in iOS 8.
It is suggested that Internet users in China use a trusted browser on their desktops and mobile devices, such as Firefox and Chrome, which will prevent users from reaching iCloud.com when the connection to the site is subject to a MITM attack. GreatFire advises against using Qihoo’s popular Chinese 360 secure browser, as it will load the MITMed page directly.
Other steps to avoid the man-in-the-middle attack include using a VPN to bypass the redirection, and enabling two-factor authentication on your iCloud account to prevent attackers from accessing a compromised iCloud account.
More information about the attack can be read on the GreatFire website.