Apple’s iCloud storage and backup service in China has been attacked by hackers believed to be working for the country’s Government.
The hackers used a so-called ‘man-in-the-middle’ (MITM) attack by interposing their own website between users and Apple's iCloud server, intercepting data and potentially gaining access to passwords, iMessages, photos and contacts, Chinese web monitoring group Greatfire.org wrote in its blog post.
The group conducts research on Chinese Internet censorship and alleged government involvement in the attack, saying it resembled previous attacks on Google, Yahoo and Microsoft's Hotmail.
Asked about the attack, Hua Chunying, a spokeswoman for China's Foreign Ministry, told a daily news briefing that Beijing was "resolutely opposed" to hacking. She said the Chinese government itself was a major victim of such attacks.
Greatfire.org said the attack most likely could not have been staged without the knowledge of Internet providers like China Telecom, given they appeared to originate from "deep within the Chinese domestic Internet backbone".
The attack comes several weeks after Apple said it would begin storing iCloud data for Chinese users on China Telecom servers, but the group said the attack may not be linked to Apple's recent decision to store user data on China Telecom servers.
"The previous MITM attacks all showed the same characteristics as this one," Greatfire.org co-founder Charlie Smith said by email. "Apple did not need to be doing anything with ChinaTelecom for this attack to happen, i.e. the authorities did not need that relationship to stage an attack like this one."
Apple did not have an immediate comment when contacted. A China Telecom spokesman said: "The accusation is untrue and unfounded."
Apple said at the time the move to China Telecom was made to improve the speed of service for Chinese servers and flatly denied the possibility that it would expose user data.
“All the evidence I've seen would support that this is a real attack," said Mikko Hypponnen, chief research officer at security software developer F-Secure. "The Chinese government is directly attacking Chinese users of Apple's products."