iCloud's website was compromised and left many vulnerable to MITM attacks

iCloud.com Website Compromised in China, Leading to the Potential for Rampant Man-in-the-Middle Attacks

Last week, after reports of an attack on iCloud.com users in China, Apple posted a security notice on its website telling browser users to heed warnings about insecure or invalid digital certificates. According to the notice, attackers are mounting organized network attacks that use such certificates to obtain confidential user information.

The breach was revealed after reports of a man-in-the-middle attack in which unsuspecting customers accessing iCloud.com in China were presented with a bogus certificate. An attacker who controls the network path can redirect the connection to a server of their own and present a forged certificate; if the browser does not validate that certificate strictly, or the user dismisses the warning, the attacker sits between the user and Apple and can read the credentials as they are typed.

If users ignored the security warning and proceeded to log in to what they believed was the Apple site with their username and password, their credentials may have been captured. With those credentials the attacker can in turn obtain everything stored in the iCloud account, including text messages, photos and contacts. Whether any user data was actually compromised remains unclear.

Apple's support page tells users of Chrome, Firefox and Safari how to recognize a phony certificate and what to do when they encounter one. Customers accessing the service are advised to always verify, using a browser that validates certificates, that they are connected to the authentic iCloud website. The page says nothing about Internet Explorer (IE), even though IE is the most popular browser in the People's Republic of China.
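What "verify that you are connected to the authentic site" means in practice is the check a validating client performs before it sends anything sensitive. The following is an added example for this article, not Apple's code or anything from the support page: it applies the checks a browser applies to the certificate a server presents, using constructed certificate dicts in the shape that Python's ssl.SSLSocket.getpeercert() returns. SAMPLE_BOGUS models the kind of self-signed certificate described in the incident (issuer equals subject, no trusted chain); the issuer names, dates and the probe() helper are assumptions for illustration.

```python
"""Client-side checks against a forged TLS certificate.

Added example for this article, not Apple's code. The certificates below
are constructed Python dicts in the shape returned by
ssl.SSLSocket.getpeercert(); SAMPLE_BOGUS models a self-signed
certificate of the kind reported in the iCloud.com incident (issuer ==
subject, no trusted chain). Issuer names and dates are invented.
"""
import socket
import ssl
import time

# Constructed sample: a legitimately issued certificate for the site as
# getpeercert() would present it. The issuer is hypothetical.
SAMPLE_GOOD = {
    "subject": ((("commonName", "icloud.com"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust Server CA G1"),)),
    "subjectAltName": (("DNS", "icloud.com"), ("DNS", "www.icloud.com"),
                       ("DNS", "*.icloud.com")),
    "notBefore": "Jan  1 00:00:00 2014 GMT",
    "notAfter": "Jan  1 00:00:00 2016 GMT",
}

# Constructed sample: the attacker's certificate. It names the right host,
# so a hostname check alone passes; it is self-signed, so no trusted CA
# vouches for it and every validating browser warns.
SAMPLE_BOGUS = {
    "subject": ((("commonName", "icloud.com"),),),
    "issuer": ((("commonName", "icloud.com"),),),
    "notBefore": "Oct 18 00:00:00 2014 GMT",
    "notAfter": "Oct 18 00:00:00 2015 GMT",
}

# Fixed "now" (the week of the report) so the checks are reproducible.
NOW_2014 = ssl.cert_time_to_seconds("Oct 20 00:00:00 2014 GMT")


def _name_to_dict(rdns):
    """Flatten getpeercert()'s nested RDN tuples into {attribute: value}."""
    return {attr: value for rdn in rdns for attr, value in rdn}


def hostname_matches(pattern, hostname):
    """RFC 6125-style matching: a wildcard must be the entire leftmost
    label, must leave at least two more labels, and matches exactly one
    label, so *.icloud.com matches www.icloud.com but neither icloud.com
    nor a.b.icloud.com."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def check_peer_cert(cert, hostname, now=None):
    """Return the list of problems with `cert` for `hostname` (empty means
    it looks plausible). Chain-of-trust verification is the SSLContext's
    job; these are the facts a user who dismisses the warning is ignoring."""
    problems = []
    subject = _name_to_dict(cert.get("subject", ()))
    issuer = _name_to_dict(cert.get("issuer", ()))
    if subject == issuer:
        problems.append("self-signed: issuer equals subject")

    # SANs are authoritative; fall back to the CN only when there are none.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names and "commonName" in subject:
        names = [subject["commonName"]]
    if not any(hostname_matches(n, hostname) for n in names):
        problems.append(f"hostname {hostname} not covered by {names}")

    now = time.time() if now is None else now
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems


def strict_context():
    """A context that refuses any certificate a trusted CA did not issue or
    whose names do not cover the host: what current browsers do by default."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe(host, port=443, timeout=5):
    """Connect with the strict context (needs network). A forged certificate
    raises ssl.SSLCertVerificationError before any credential is sent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with strict_context().wrap_socket(sock, server_hostname=host) as tls:
            return check_peer_cert(tls.getpeercert(), host)


if __name__ == "__main__":
    print(check_peer_cert(SAMPLE_GOOD, "www.icloud.com", now=NOW_2014))
    print(check_peer_cert(SAMPLE_BOGUS, "icloud.com", now=NOW_2014))
    try:
        print("live:", probe("www.icloud.com"))
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        print("live probe failed:", exc)
```

The point of the two samples is that a forged certificate can be perfectly consistent with the hostname the user typed; what gives it away is the missing chain to a trusted issuer, which is exactly the property the browser warning reports and a user clicking through discards. The strict context does that chain check for you and fails the connection before any password leaves the machine.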

Although IE has not been supported on OS X since 2005, it is widely used in China on Windows PCs, and it can reach iCloud.com to manage storage, use the web versions of Apple's iWork productivity suite, and so on. Apple stated that the attacks do not compromise iCloud servers and do not affect iCloud sign-in on iOS devices or on Macs running OS X Yosemite with the Safari browser.

The attack comes closely on the heels of the iPhone 6 and iPhone 6 Plus launch in mainland China last Friday. The iCloud.com attacks were reportedly conducted over networks belonging to China Telecom and China Unicom, two state-controlled broadband providers, a claim China has denied.

Attackers frequently target users of public Wi-Fi with the same kind of man-in-the-middle attack, which is why corporations and institutions must provide over-the-air encryption with WPA2-Enterprise and require the client to validate the server's certificate: a supplicant that skips that validation will complete its authentication exchange with any rogue access point that presents a certificate, handing over the user's credentials just as the iCloud victims did.
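The same principle in Wi-Fi terms, as an added example that is not from the article: a wpa_supplicant network block with the weak setting beside the corrected one. The SSID, identity, CA file path and RADIUS server name are placeholders; only the option names are real wpa_supplicant settings.

```ini
# WEAK: no ca_cert and no domain_match. The supplicant accepts whatever
# certificate the access point's RADIUS server presents, so a rogue AP
# broadcasting the same SSID receives the inner MSCHAPv2 exchange
# (and with it material derived from the user's password).
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="CHANGE_ME"
    phase2="auth=MSCHAPV2"
}

# CORRECTED: pin the issuing CA and the server's name. A rogue AP cannot
# present a certificate chaining to this CA for this name, so the TLS
# tunnel fails before phase 2 and no credential material is sent.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="CHANGE_ME"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_match="radius.corp.example"
}
```

On managed Windows and macOS fleets the equivalent is the "validate server certificate" setting with the trusted CA and server name pinned in the deployed Wi-Fi profile, so that the user is never offered a dialog to click through in the first place.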