Attack in Action (MitM) The hacking attack used is said to be MitM or The man-in-the-middle attack is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker, leading the victim to provide login credentials and other important data to the attackers. Apple on Tuesday indirectly confirmed the hack, saying that it is aware of some organisations trying to steal passwords and other data using man-in-the-middle attack (MitM). Apple also warned the users to not to enter their iCloud login credentials (username and passwords) if they see a warning for an invalid digital certificate at the top of their browsers. Apple did not mention any information of the attackers neither they pointed the source of the attack to someone in particular. However many Chinese internet users have begun seeing warnings that indicate they had been diverted to an unauthorized website when they attempted to sign into their iCloud accounts. The unauthorized website was harvesting user credentials as per the reports What is this new fix The new fix released by Apple seems to be a temporary fix and a stop gap arrangement as doesn’t do much than warning users of a impending MitM attack or directing Chinese users to a different server that has not been targeted by the attack by changing the DNS servers . Chinese censorship monitoring group, GreatFire tweeted the following, post the release of fix by Apple.
— GreatFire.org (@GreatFireChina) October 21, 2014 Chinese Government behind the hack ? The Chinese Government has denied all the allegations of launching a Man-in-the Middle attack on iCloud users to steal user credentials and other data. Chinese Foreign Ministry spokeswoman Hua Chunying said that China is “resolutely opposed” to hacking. The state owned telecom operators providing the internet services which are accused of allegedly being involved in the attack along with the government, have also denied the allegations in a statement, saying “the accusation is untrue and unfounded. Mashable reported. However security researchers monitoring the Chinese Great Firewall have claimed to have strong proofs of the Chinese governments involvement in the attack. GreatFire another of those monitoring the Chinese internet censorship, even posted the images of the fake login page.
Why iCloud has been buzzing around the media. Apples iCloud has been hogging the news for all the wrong reasons ever since the recent iCloud hacks and leaks popularly known as iCloud Hacks, in which hundreds of private and NSFW images of Hollywood celebrities has been leaked.