Skip to main content

Apple acknowledges iCloud hacking in China, but says its servers are safe

apple icloud hack china header f
Image used with permission by copyright holder
Apple responded to concerns that its iCloud service was compromised following a widespread, man-in-the-middle (MITM) attack that is believed to have been sanctioned by the Chinese government.

First brought to light by GreatFire.org, the Chinese government is reportedly using the national firewall system (or the “Great Firewall of China,” as it’s colloquially known) to redirect iCloud users to spoofed pages. By fooling older browsers with phony certificates and hijacked addresses, the apparent intention is to compromise the credentials of unsuspecting visitors.

Related: Apple CEO promises new security measures after iCloud celebrity photo hack

The source of the attack is reportedly China Telecom, a company with ties to Chinese leadership. In August, Apple agreed to store local China iCloud data in China Telecom’s servers.

On Tuesday, Apple told CNBC that it was aware of “intermittent organized network attacks,” but that iCloud servers hadn’t been compromised. The company also said that iCloud sign-in on mobile and Macs running the latest version of OS X are not at risk.

Related: Hackers trick Apple into providing access to an iCloud account, chaos ensues

The same can’t be said for iCloud account holders who log in using outdated Internet browsers, which will not automatically warn of interception (newer distributions of Firefox and Chrome can alert of fake certificates). Users of those and other browsers can still get around the attack by using an unaffected IP address.

GreatFire.org speculates the attack is an attempt to circumvent security measures introduced with the iPhone 6 and 6 Plus, which went on sale in China last week.  It’s hardly the first instance of a hack orchestrated by the Chinese government, though. Yahoo was targeted earlier this month, and a MITM attack continues to affect Microsoft’s Outlook mail service.

The news comes after a slew of female celebrities saw their private photographs — often nude ones — made public after iCloud’s weak security was breached. Called “The Fappening,” the stolen photographs contains naked and semi-naked pictures and videos of more than 100 A-list celebrities, among them Oscar-winning actress Jennifer Lawrence, singer Rihanna, swimsuit model Kate Upton, and TV star Kim Kardashian. While some of the celebrities argue that the pictures are frauds, others  confirmed that the posted photos of themselves were indeed authentic.

To boost security, Apple CEO Tim Cook told the Wall Street Journal that customers would receive alerts via email and push notifications if another person attempts to perform actions such as change an account password, restore iCloud data to another device, or when a device logs in for the first time.

Editors' Recommendations

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
The Apple Vision Pro has given VR its iPhone moment
A person is watching a movie using the Apple Vision Pro.

"One more thing" means you're about to be treated to something groundbreaking -- and that's exactly what happened when Apple CEO Tim Cook uttered those fateful three words at the end of the recent Worldwide Developers Conference 2023 keynote. The Apple Vision Pro is not just another VR headset; no, it's an incredible piece of technology that pushes the boundaries of what we can expect from both virtual reality and augmented reality. The display tech, sensor quality, and polish are like nothing we've ever seen before in a headset — and they signal a big jump forward in VR and AR tech.

The only quibble is the price: $3,500. That's a whole lot of cash, and due to that, I'm not confident the Vision Pro will appear in every other house in the next few years.

Read more
I don’t want Apple to announce its VR headset
A rendering of an Apple mixed-reality headset (Reality Pro) in a gold color seen from the front.

Apple’s 2023 Worldwide Developer Conference (WWDC) is rapidly approaching, and I’m starting to get a rather unpleasant pain in my wallet. The long-rumored Apple Reality Pro VR/AR headset is apparently going to be revealed during the event’s keynote, and I’ve got a terrible feeling I’m not going to be able to resist it.

Why? Because Apple makes great products, I'm sure it’s going to be presented exceptionally well, and I'm doubly sure I’m exactly the person it’ll be targeting. It’s not a good combination, and I worry the only thing that's going to stop me from potentially handing over $3,000 for one is for Apple not to announce it at all.
Take the exciting concept of AR and VR ...
Apple headset render Ahmed Chenni, Freelancer.com

Read more
Let’s be clear, Apple — it’s time to make a transparent iPhone
Deep Purple iPhone 14 Pro with Beats Studio Buds+ in Transparent

Apple has released a new product that's gotten a lot of attention because of an awesome new color option. No, it’s not an iPhone, iPad, or even an Apple Watch. Heck, it’s not even the AirPods Pro 2. So, what am I talking about?

Apple acquired Beats by Dre in 2014, and this week, Beats dropped the new Beats Studio Buds+, which are pretty similar to the AirPods Pro 2, but cost less dough. And they come in one of the coolest colors I’ve seen in a long time: transparent.

Read more