Censorship watch dog GREATFIRE.org reported on Monday that the Chinese government launched a cyberattack against iCloud as the new iPhones officially launch in China. The attack is a nationwide man-in-the-middle (MITM) attack. The organization previously reported on government hacks against Google and Yahoo which allowed the government to see what information citizens were accessing.
The current attack is slightly different. A security warning does appear but if the user ignores it and goes to the Apple site to enter his username and password, Chinese authorities will have access to any information stored on iCloud including various personal data.
GREATFIRE reported that the attack may be related to the new encryption features Apple integrated into OS8 in an attempt to prevent Snowden style NSA snooping.
As companies such as CentryLink and Alibaba expand with data centers and cloud services in China, it’s important for businesses to realize breaches such as this make it difficult to gain the trust of the public. Recent hacks at finance giant JP Morgan and retailers Dairy Queen and Kmart have further eroded public confidence in cloud.
Expanding cloud services into Asia could be particularly tricky for service providers. A recent Economist Corporate Network reportshows that while over 60 percent of respondents reported partially replacing current IT use with cloud solutions and one-fifth are actively replacing most of their technology with cloud-based options, security and data privacy remains a primary concern.
According to the report, “Perhaps unsurprisingly in the post-Snowden, post-Heartbleed world, respondents’ top concerns were data privacy issues and cyber security, with the former being more critical: nearly a third of respondents thought the state of data privacy in Asia was a ‘major deterrent’ to adoption.”
When a country’s government is the one doing the hacking and snooping, companies should exercise caution when deploying new services into these areas. Once customer confidence is lost in a data breach it’s difficult to gain back as evidenced by a recent study in the US in which Americans cited concerns over cybersecurity as being more concerning than terrorism.