China Hacks Apple ICould-Protectionism at its Best

Leave a comment

October 21, 2014 by ...

Beijing is vehement about helping local firms and the feeling is mutual. Due to the power of the party, firms must pay to play, or help out when Beijing comes asking. Chinese firms will do for the communist party what many foreign companies will not and thus those non-locals are cut out of or crippled in the China market. The excerpt following my commentary speaks to this and other issues when dealing with China.

When in China, ‘secure’ does not mean ‘secure’
While the NSA had to hijack gear to eavesdrop, the communist party does not. They merely tell local firms what they want, and they get it. For example, China’s very own ‘360 Secure browser’ will not thwart the recent Beijing backed man-in-the-middle attacks on Apple but Firefox and Chrome do.

This coincides with the fact that many Chinese cell phone companies are reputed to be in the pocket of the party as well. It is such assertions that has people questioning how close Xiaomi is to the power brokers in Beijing. My local colleagues have said that they do not trust Xiaomi for this very reason. They say that they do not like Xiaomi as 1- phones are shanzhai or Apple knockoffs and 2- they do not trust the company.

What they mean in point two is that they believe Xiaomi will conform to the diktats of Beijing. They believe the same is not true of American phone manufacturers, however.

Interestingly enough, they have concerns over phones Apple sells in China and prefer to buy handhelds sold in the USA. A gnawing suspicion they have is that Apple gear sold in China may come pre hacked or impregnated with malware. They do not think this is true of sold in USA kit.

This ever present belief that goods destined for the Chinese market may have the thumbprint of the communist party is partly what drives many Chinese to buy foreign. To them, reports of Xiaomi sending covertly sending data to Beijing is just par for the course. In fact, they would be more surprised if Xiaomi did not do this.

The rest of the world is just getting up to speed on all things China but seems to be catching on. No one really knows what Xiaomi does with the data and why they take it, but to many people here the answer is obvious.

While true Xiaomi is set to own the cell market in China, it has not come at a cost. Chinese are accustomed to being lorded over and have different expectations of privacy as we do. To many of them $200 is a small price to pay for a decent smart phone which also happens to keep its eyes and ears open for Beijing.

Excerpt on China’s hacking ICloud and more
“After previous attacks on Github, Google, Yahoo and Microsoft, the Chinese authorities are now staging a man-in-the-middle (MITM) attack on Apple’s iCloud.

We have posted previously about MITM attacks on Google and Github and broke the news about the recent attack on Yahoo. Refer to the appendix at the end of this post to see technical evidence of the attack.

This case is different, however, for a few of reasons.

Wikipedia defines a man-in-the-middle-attack in the following way:

The man-in-the-middle attack…is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker.

This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc. Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone. While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different. If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities. Many Apple customers use iCloud to store their personal information, including iMessages, photos and contacts. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.

What should users do to counteract this attack? Internet users in China should first use a trusted browser on their desktops and mobile devices – Firefox and Chrome will both prevent users from accessing iCloud.com when they are trying to access a site that is suffering from a MITM attack. Qihoo’s popular Chinese 360 secure browser is anything but and will load the MITMed page directly.”
Read more here

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 85 other followers

Stat Counter

counter for wordpress

Member of The Internet Defense League

Blog Stats

  • 46,638 hits
October 2014
M T W T F S S
« Sep   Nov »
 12345
6789101112
13141516171819
20212223242526
2728293031  
%d bloggers like this: