After previous attacks reported by greatfire.org on Github, Google, Yahoo, and Microsoft, it appears authorities in China are now conducting a man-in-the-middle (MITM) attack on Apple’s iCloud service.
Over the past hours China’s great firewall has begun discreetly redirecting visitors to a fake page that was created to look identical to Apple’s iCloud login page.
Those who are using Chrome or Firefox will be notified of the security risk because they are no longer on Apple’s website, however users of the popular Chineese browser Qihoo are not seeing any notification. If the user chooses to enter the login details, the iCloud account will almost certainly be compromised.
This appears to be a malicious attack on Apple’s services just in time for the nationwide launch of the latest iPhone. A privacy violation of this nature would almost certainly give away access to all of a user’s data stored on the iCloud like pictures, imessages, contacts, and more. While previous attacks on Google and Yahoo would allow the state to snoop on what content was accessed, the Apple attack gives them full and un-restricted access to Apple customer’s iCloud accounts. Since many people throughout Asia use this platform to share images, there is a good change this recent development is apart of the larger crackdown on recent Hong Kong protests.
How to bypass the attack
To counteract this exploit, users in China should immediately begin using a secure web browser like Chrome or Firefox. These browsers will prevent access to the compromised page, while Qihoo’s 360 browser will forward the user through to the phishing page without thinking twice. Additionally, users should activate two-step authentication for their iCloud accounts as this will prevent un-authorized access even if the user/pass as been compromised.
The best way to defend against such an attack is to setup a secure VPN tunnel and completely bypass the Great Firewall. Unblocking websites in China should be easy with any VPN service, right? Unfortunately, this is not true. In addition to heavy internet censorship, China’s Deep Packet Inspection (DPI) firewall is very successful at blocking or severely limiting all standard VPN protocols. For this reason it is important to make sure that your VPN provider will work within China.
TorGuard has engineered special “Stealth” connections that are guaranteed to bypass this DPI firewall and provide “invisible” VPN access anywhere within China. Stealth VPN options are provided to all clients at no additional charge and can be accessed by selecting a Stealth enabled server option as seen below:
TorGuard Stealth VPN service is a privacy tool that empowers you to bypass strict VPN censorship even behind China’s great firewall. Unlike normal VPN traffic which can be filtered or blocked by a DPI firewall, TorGuard Stealth VPN service will appear as regular HTTP traffic making it virtually impossible to block. No more random disconnections or throttled VPN sessions – TorGuard stealth VPN will go un-noticed and allow you to view the web in its entirety.
Get the best China VPN service with TorGuard now for as low as 4.99/m!
Get TorGuard’s premium anonymous VPN service to enhance your online privacy and protect your online identity within China. With TorGuard, you can have military grade VPN encryption guarding your internet connection and a virtual presence in over 42 countries. Why use TorGuard to hide your IP address?
– Get FIVE simultaneous connections on all your devices.
– Easy Setup on any system: Windows, Mac, Linux, Android, iOS
– VPN Service for as low as $4.99 / month, Access 1000+ IP’s in over 32+ countries
– Automatically Update newest TorGuard Servers, No Complicated Install or Setup
– TorGuard app supports easy OpenVPN install on Android from Google Play
– Unblock censorship anywhere in the world and Fully encrypt your downloads / browsing
– Fast connections with 100% Uptime featuring Unlimited Bandwidth and Speeds
– 24/7 365 Support For Help – Real people with real answers.