BGP MitM attack against iCloud users

Millions of China-based Apple device users could have had their information compromised in a BGP Man-in-The-Middle (MitM) attack earlier this week that some experts believe the Chinese government was behind. The nationwide attack, aimed at intercepting users' iCloud login credentials and personal data, coincided with the launch of the iPhone 6. An unknown party impersonated iCloud.com and was able to spy on users' actions if they clicked through their browser's phony certificate warning.

Although this type of attack wasn't surprising, it was noteworthy because it targeted user data, whereas previous Chinese BGP MitM efforts went for non-user information pages.

Beyond the targeting of user data, this Apple BGP attack affected an incredibly large group of people, which would require immense access to China's networks. It would be difficult to achieve this attack if you didn't control the underlying infrastructure. We can't say 100 percent, but there's a good indication that this was an effort by the Chinese government to access the data.

The unknown attacker targeted one specific IP address, on which a self-signed certificate was presented. Users' browsers should have warned them that the connection wasn't valid; however, one of the country's most popular browsers doesn't issue such warnings. Some of its users could have had their accounts compromised.

To some, the correlation between the BGP attack's timing and the release of the iPhone 6 didn't seem coincidental. The phones have encryption enabled by default, and U.S. government organizations, including the Federal Bureau of Investigation (FBI), have already denounced Apple's encryption decision. The FBI argues that law enforcement will be unable to access critical data to catch a wanted criminal or to respond to an emergency. China's stance isn't much different. In some ways, we were surprised at all the shock (around the BGP attack); it seemed to be a very natural thing to see happen. We would almost expect it. But it really was a surprise that they (the BGP attackers) were so obvious.

China's government feels it should be able to access its citizens' data whenever it wants; the right to privacy doesn't exist everywhere.

Following the attack, Apple posted a support page about its iCloud.com security. The company didn't mention China explicitly in the post, although it did discuss digital certificate security and ensuring secure logins. The post, available only in English and Chinese, walks users through various browsers and how to tell whether a certificate is valid. Additionally, Apple changed iCloud.com's DNS in China and the company's CEO Tim Cook visited the country following the attack.
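The attack described above only worked against clients that accepted a self-signed certificate for iCloud.com without complaint, which is exactly what a properly verifying client refuses to do. The following is an added example (not code from the original article or from Apple) that mirrors the checks a browser is supposed to perform before trusting a server certificate: is the certificate self-signed, is its issuer in the trust store, and does the hostname match a subjectAltName entry. It uses the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the two certificate dicts, the CA name "Example Public CA Root", and the function names are constructed for illustration and are not real iCloud or CA data.

```python
import ssl

# Constructed sample certificates in the shape of ssl.SSLSocket.getpeercert().
# Neither is a real certificate; the CA name is a placeholder.
TRUSTED_ISSUERS = {"Example Public CA Root"}

LEGIT_CERT = {
    "subject": ((("commonName", "icloud.com"),),),
    "issuer": ((("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA Root"),)),
    "subjectAltName": (("DNS", "icloud.com"), ("DNS", "www.icloud.com")),
}

# Impostor certificate of the kind served in the attack: subject == issuer.
IMPOSTOR_CERT = {
    "subject": ((("commonName", "icloud.com"),),),
    "issuer": ((("commonName", "icloud.com"),),),
    "subjectAltName": (("DNS", "icloud.com"),),
}


def _name_to_dict(name):
    """Flatten getpeercert()'s nested RDN tuples into {attribute: value}."""
    return {attr: value for rdn in name for attr, value in rdn}


def is_self_signed(cert):
    """A certificate whose issuer equals its subject vouches only for itself."""
    return _name_to_dict(cert["subject"]) == _name_to_dict(cert["issuer"])


def san_matches(cert, hostname):
    """Match hostname against DNS subjectAltName entries (one-label wildcards)."""
    host = hostname.lower()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # "*.example.com" covers exactly one label, e.g. "www.example.com"
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False


def evaluate_peer(cert, hostname, trusted_issuers=TRUSTED_ISSUERS):
    """Fail closed: any defect rejects the connection instead of warning."""
    if is_self_signed(cert):
        return "REJECT: self-signed certificate"
    issuer_cn = _name_to_dict(cert["issuer"]).get("commonName")
    if issuer_cn not in trusted_issuers:
        return "REJECT: issuer not in trust store"
    if not san_matches(cert, hostname):
        return "REJECT: hostname mismatch"
    return "ACCEPT"


def verifying_context():
    """Client context that rejects untrusted chains and hostname mismatches."""
    ctx = ssl.create_default_context()
    # create_default_context() already sets both; restate them so that a
    # later edit loosening them is obvious in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_enforces_verification(ctx):
    """True only if the context would refuse the impostor certificate."""
    return ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    print("legit   :", evaluate_peer(LEGIT_CERT, "icloud.com"))
    print("impostor:", evaluate_peer(IMPOSTOR_CERT, "icloud.com"))
    print("enforces:", context_enforces_verification(verifying_context()))
```

A client built with `verifying_context()` never reaches the "click through the warning" step: the handshake itself fails on the self-signed certificate. The weak configuration that the non-warning browser amounts to is the opposite pair of settings (`check_hostname = False`, then `verify_mode = ssl.CERT_NONE`), which `context_enforces_verification()` flags as unsafe.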

As far as continuing to protect against BGP MitM attacks, security experts suggested using a VPN service and being hyper-aware of internet connections when in China. The battle to capture data moving into and out of areas regulated by totalitarian governments is going to happen forever; that type of battle is just going to continue to escalate.