sciencetech-blog

comments

Apple Chief Executive Tim Cook discussed user data security at a meeting on Wednesday with a top Chinese government official in Beijing, the official Xinhua news agency has reported.

The meeting comes days after a Chinese web monitoring group published a report saying Apple users in China have been targeted in a sophisticated and widespread attack by hackers seeking private user data stored on the iCloud service.

The group, Greatfire.org, has alleged Chinese government involvement in the hack, a claim the government has strongly refuted.

At a meeting on Wednesday in Zhongnanhai, Cook and Vice Premier Ma Kai exchanged views on 'protection of users'information' according to Xinhua.

Apple has not issued any public statements on the matter.

At a meeting on Wednesday in Zhongnanhai, the Beijing complex housing China's central government, Cook and Vice Premier Ma Kai exchanged views on 'protection of users' information' as well as 'strengthening cooperation and in information and communication fields,' according to Xinhua.

Greatfire told Reuters that Apple appeared to have rerouted user data on Tuesday to circumvent the hack.

The company did not respond to requests for comment Wednesday.

Earlier this week it was claimed the iCloud storage service in China was attacked by hackers trying to steal user credentials, a Chinese web monitoring group said, adding that it believes the Beijing government is behind the campaign.

Using what is called a 'man-in-the-middle' (MITM) attack, the hackers interposed their own website between users and Apple's iCloud server, intercepting data and potentially gaining access to passwords, iMessages, photos and contacts, Greatfire.org wrote in its blog post.

An Apple representative declined comment on the allegations that Beijing was trying to spy on Apple customers, but noted that the company had updated its technical support page to provide advice on how to protect against such attacks.

'We're aware of intermittent organized network attacks using insecure certificates to obtain user information, and we take this very seriously,' the page read.

Apple tells users to never enter their iCloud password if they get warnings about invalid digital certificates when visiting www.icloud.com. 

It also describes procedures users can use to verify they are connected to Apple's legitimate site when using various browsers.

Greatfire.org, which conducts research on Chinese Internet censorship, alleged government involvement in the attack, saying it resembled previous attacks on Google ,Yahoo and Microsoft Corp's Hotmail.

Asked about the attack, Chinese Foreign Ministry spokesperson Hua Chunying told a daily news briefing that Beijing was 'resolutely opposed' to hacking.

The attack cited by Greatfire comes several weeks after Apple said it would begin storing iCloud data for Chinese users on China Telecom (0728.HK) servers.

The attack cited by Greatfire comes several weeks after Apple said it would begin storing iCloud data for Chinese users on China Telecom (0728.HK) servers.

It also coincided with the start of iPhone 6 sales in China, which began Friday after weeks of talks between China and Apple over what the government said were cybersecurity concerns.

Two independent security experts contacted by Reuters said Greatfire's report appeared credible.

'All the evidence I've seen would support that this is a real attack,' said Mikko Hypponen, chief research officer at security software developer F-Secure.

Greatfire.org said the attack most likely could not have been staged without knowledge of Internet providers like China Telecom, given they appeared to originate from 'deep within the Chinese domestic Internet backbone'.

But the group said the attack may not be linked to Apple's recent decision to store user data on China Telecom servers.

It was unclear if the hackers were still active. Apple did not have an immediate comment when contacted.

A China Telecom spokesman said: 'The accusation is untrue and unfounded.'

Apple said at the time the move to China Telecom was made to improve the speed of service for Chinese servers and flatly denied the possibility that it would expose user data.