Security on agenda as Apple head visits
China Daily, October 23, 2014 Adjust font size:
Tim Cook, chief executive officer of Apple Inc. [Provided to China Daily] |
Apple has issued a new security warning for users of its iCloud online storage service amid reports of a concerted effort to steal passwords and other data from people who use the service in China.
“We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,” the company on Tuesday said in a statement on its support website, adding that its own servers had not been compromised.
Several news outlets reported on Tuesday that some Chinese Internet users saw warnings indicating they had been diverted to an unauthorized website when trying to sign into their iCloud accounts.
Such a diversion, known to computer security experts as a “man in the middle” attack, could allow a third party to copy and steal the passwords that users enter when they think they are signing into Apple's service.
Hackers could then use the information to collect other data from users' accounts.
Apple's newest smartphone models, the iPhone 6 and 6 Plus, launched in China's mainland last week, have software with enhanced encryption features to protect users' data.
The tech giant, which is based in California, United States, said in its statement that the attacks have not affected users who sign into iCloud from their iPhones or iPads, or from Mac computers while using the latest operating system and Apple's Safari browser.
However, it suggested users verify they are connected to a legitimate iCloud server by using the security features built into Safari and other browsers such as Firefox and Chrome. These browsers show users a warning message when they are connecting to a site that doesn't have a digital certificate verifying it is authentic.
“If users get an invalid certificate warning in their browser while visiting icloud.com, they should pay attention to it and not proceed,” Apple said.
The attacks appear unrelated to an episode last month in which hackers stole nude photographs from the iCloud accounts of several US celebrities.
In that case, Apple said its investigation concluded that the hackers had obtained the users' passwords through so-called “phishing attacks” or by guessing at the answers to security questions that allowed access.
The company said that in that incident its servers were not breached.