Apple’s iCloud targeted in man-in-the-middle attack in China

Following the iPhone 6 launch in China, Apple’s iCloud service began facing a “man-in-the-middle” style attack in the country, in an apparent attempt to steal username and password information, according to an anti-censorship watchdog group.

As of Monday, the attack was still ongoing, said GreatFire.org, which began noticing two days before that certain connections made to Apple’s iCloud site in China were no longer responding with a trusted digital certificate, putting them at risk of decryption.

Man-in-the-middle attacks eavesdrop on communications by pretending to each party to be the one at the other end. The attacker will trick victims into believing they are visiting a site over a secure connection, when in fact all communications are being monitored.

To read this article in full or to leave a comment, please click here

Network World Security