China executes MITM attack against iCloud and Microsoft account holders

China-based Internet users are in danger of getting their iCloud and Windows Live accounts hijacked and all the information in them slurped up by the Chinese authorities, web censorship watchdog Great Fire reported on Monday.

Users who try to access iCloud.com or Login.live.com from an IP address associated with mainland China are automatically redirected to spoofed login pages that look exactly like the legitimate ones, the watchdog claims. They also offered proof in the form of traceroutes, a connection log, wire captures, and the self-signed certificate used in the MITM attack.

The attack coincides with the China-wide release of the newest iPhone, and the redirection is effected at the Great Firewall level.

Firefox and Chrome users are safe if they heeded the security warning that popped up when they tried to access the websites in question and did not enter their login credentials, but those who use the popular Qihoo browser were seamlessly redirected to the phishing pages.

The legitimate login pages can be reached by using a VPN service that simulates a connection from an IP address outside China.

The watchdog recommends that users set up two-factor authentication for iCloud and any other online service that offers the option, in order to make attacks such as these less likely to succeed even if the password is compromised.

They believe that the attack might have something to do with the Hong Kong protests, and how images and videos of them are being shared in the mainland.

“This latest MITM attack may be related to the increased security aspects of Apple’s new iPhone,” they noted.

“When details of the new iPhone were announced, we felt that perhaps the Chinese authorities would not allow the phone to be sold on the mainland. Ironically, Apple increased the encryption aspects on the phone allegedly to prevent snooping from the NSA. However, this increased encryption would also prevent the Chinese authorities from snooping on Apple user data.”

“This MITM attack may indicate that there is at least some conflict between the Chinese authorities and Apple over some of the features on the new phone,” they concluded.
