China is staging a nationwide attack on iCloud and Microsoft accounts

China got its first official shipments of new iPhones last week, but a new report from web censorship watchdog Great Fire indicates Chinese users may be facing an unpleasant surprise when they try to connect to Apple services at large. As of last night, the Chinese firewall is blocking all local connections to iCloud.com, redirecting those connections to a dummy site designed to look exactly like Apple's login page. (Update: A recent Apple statement has apparently confirmed the attack, announcing "intermittent organized network attacks" without mentioning China specifically. The company has also changed iCloud.com's IP address, effectively circumventing the attack.)

If you're using Firefox or Chrome, you'll land on a warning page like the one above, but if you're using Qihoo, the most popular browser in China, you'll be routed straight to the dummy site with no indication that it's not being run by Apple. A similar attack is also being leveled against Microsoft's Login.live.com, the company's gateway for all account logins.

Instead of iCloud, users were directed to a dummy site

Because the attack is taking place at the level of the Great Firewall, it seems likely that this is an attack by Chinese authorities meant to harvest usernames and passwords. Great Fire also provided traceroutes and a wire capture to verify the attacks. If a user logs into the dummy site, it will give the attackers complete access to the user's account, including any photos, text messages or emails stored in the cloud. Apple recently added default disk encryption to iOS, a feature that drew disapproval from the FBI and other law enforcement agencies, leading many to speculate that this attack might be a strike back against the company's new security efforts.

It's still possible for users to circumvent the attack and get through to the real iCloud and login.live site unscathed. The attack only targeted one of iCloud's many IP addresses, so anyone routed to a different IP should reach the real site. A VPN service can also be used to redirect users, provided the VPN service is not also blocked by the Great Firewall. It's the first time China has directly attacked an Apple service, but Great Fire also notes that Apple has complied with the country's surveillance requests in the past. "Apple has a long history of working with the Chinese authorities to self-censor content in China," Great Fire said in a statement. "While we worry for Chinese users who may have their accounts compromised, we are shedding no tears for the Apple executives."

10/21 2:28pm ET: Updated to include Apple confirmation