X

Apple CEO meets with Chinese official following iCloud attacks

The meeting follows a notice from Apple that iCloud has been targeted by network attacks in an attempt to gain user information. But are the Chinese behind it?

Lance Whitney Contributing Writer
Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.
Lance Whitney
3 min read

apple-icloud-warning.jpg
This is part of the iCloud notice that Apple posted Tuesday. Apple says: "If you see this message, don't proceed or attempt to sign in." Apple/screenshot by Lance Whitney/CNET

Apple CEO Tim Cook met with a high-ranking Chinese official on Wednesday in Beijing to discuss online security issues.

The meeting came just a day after Apple warned the public about cyberattacks against its iCloud, which one group blames on the Chinese government.

Cook met with Ma Kai, a vice premier, reportedly to discuss protecting user information and cooperating more fully regarding information and communication, China's state-run Xinhua news agency reported. Xinhua didn't provide details on the discussions, but the meeting follows this week's news of attacks on Apple's cloud storage service and last Friday's official launch of the iPhone 6 and 6 Plus in China.

On Tuesday, Apple posted a security notice warning iCloud users of attacks against the online service.

Apple is deeply committed to protecting our customers' privacy and security. We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously. These attacks don't compromise iCloud servers, and they don't impact iCloud sign in on iOS devices or Macs running OS X Yosemite using the Safari browser.

Apple said that the iCloud website is protected by a digital certificate and explained what users should do if they receive an invalid certificate warning in the browser when visiting the iCloud site. The information varies slightly depending on which browser you use.

In its security notice, Apple didn't reveal potential sources of the attack. But at least one group is pointing the finger at the Chinese government.

In a blog post on Monday, Greatfire.org, which monitors Chinese Internet censorship, accused Chinese authorities of staging a man-in-the-middle-attack on iCloud. In such an attack, the attacker breaks into an online exchange or transaction between two parties, such as a user and the iCloud service. By impersonating both parties, the attacker is able to intercept and obtain information sent back and forth, such as usernames and passwords.

Greatfire called the incident "malicious" and said that certain user information may have been "compromised by the Chinese authorities."

This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc. Unlike the recent attack on Google, this attack is nationwide and coincides with the launch...in China of the newest iPhone. While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different. If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities. Many Apple customers use iCloud to store their personal information, including iMessages, photos and contacts. This may also somehow be related again to images and videos of the Hong Kong protests being shared on the mainland.

Whether any user data was actually compromised is unclear. Greatfire told Reuters that Apple apparently rerouted user data on Tuesday to evade the hack. The Chinese government has refuted any involvement in the security breach against iCloud.

An Apple spokeswoman told CNET that the company has nothing to add to the information on the security notice page.