Saturday, February 27, 2016

What kind of security checks does Beijing take on Apple?

2-18-2016   Furthermore, asking Apple to see its source code is not the same as giving China Apple's source code; for such an audit, there is no reason to believe Apple just handed China the source code for its entire operating system. The more likely scenario is that Apple would let Chinese engineers examine its software under the supervision of Apple engineers without actually turning the software over.
http://www.macobserver.com/tmo/article/reuters-gets-it-wrong-on-apple-encryption-and-china
.....................................................
2-17-2016    In January 2015, the state-run newspaper People’s Daily claimed, in a tweet, that Apple had agreed to security checks by the Chinese government. This followed a piece in the Beijing News (link in Chinese) that claimed Apple acceded to audits after a meeting between Cook and China’s top internet official, Lu Wei. China’s State Internet Information Office would reportedly be allowed to perform “security checks” on all Apple products sold on the mainland. According to the report, this was despite Cook’s assurances that the devices didn’t contain backdoors accessible by any government, including the US....
Cook has said on earnings calls that he believes the Greater China region, which includes Taiwan and Hong Kong along with the mainland, will eventually become Apple’s biggest market. Some could get the impression that Apple capitulated to Beijing’s security demands because it wanted access to a huge and growing market. Instead of addressing those rumors head on, Apple didn’t say either way whether it had agreed to a Beijing security audit. Apple didn’t respond immediately to Quartz’s attempts to confirm those reports at the time, and said weeks later it could not comment on them. When contacted today, an Apple spokesperson pointed Quartz to the company’s privacy policy, which states that the company has never worked with any government to create a backdoor to its products. “We have also never allowed any government access to our servers. And we never will,” the policy reads.
That’s in stark contrast to the company’s forthright approach elsewhere in the world....Why the different approach in China? To be clear, Apple hasn’t said that it agreed to special security checks by Beijing. But that’s precisely the problem. Its silence regarding Beijing’s security demands, but its vocal resistance to requests from other governments, contributes to a perception that it has different security standards for different markets–even when that may not be the case.  http://qz.com/618371/apple-is-openly-defying-us-security-orders-but-in-china-it-takes-a-very-different-approach/
.................................................................
10-20-2014           This is clearly a malicious attack on Apple in an effort to gain access to usernames and passwords and consequently all data stored on iCloud such as iMessages, photos, contacts, etc. Unlike the recent attack on Google, this attack is nationwide and coincides with the launch today in China of the newest iPhone. While the attacks on Google and Yahoo enabled the authorities to snoop on what information Chinese were accessing on those two platforms, the Apple attack is different. If users ignored the security warning and clicked through to the Apple site and entered their username and password, this information has now been compromised by the Chinese authorities....
This latest MITM attack may be related to the increased security aspects of Apple’s new iPhone. When details of the new iPhone were announced, we felt that perhaps the Chinese authorities would not allow the phone to be sold on the mainland. Ironically, Apple increased the encryption aspects on the phone allegedly to prevent snooping from the NSA.   https://en.greatfire.org/blog/2014/oct/china-collecting-apple-icloud-data-attack-coincides-launch-new-iphone
.............................................................................................
Actually, in China, because the usual excuse for censorship is that it promotes a harmonious society, I tend to lead with a discussion about how the censorship program leads to disharmony.  I want to push them to rethink their principles from scratch.    https://en.greatfire.org/blog/2015/sep/greatfire-qa-jimmy-wales-china-censorship
........................................................................................................................
In March of this year, Google found unauthorized digital certificates for several Google domains. The root certificate authority for these domains was the China Internet Network Information Center (CNNIC). CNNIC was controlled by the Chinese government through the Ministry of Industry and Information Technology and is now under the management of the Cyberspace Administration of China (CAC). CNNIC was recognized by all major browsers as a trusted Certificate Authority. If CNNIC signs a fake certificate used in a man-in-the-middle attack, no browser will warn of any unusual activity unless the certificate is pinned.
After Google found these unauthorized certificates, both Google and Firefox revoked their trust in CNNIC a few days later, a development we at GreatFire.org have been advocating for since 2013. Apple and Microsoft, on the other hand, did not revoke their trust in CNNIC, nor did they make any announcements regarding the security compromise.
In June 2015, Apple quietly published a support article titled “About the security partial trust allow list”. This announcement was made quietly and as far as we can see was not picked up in the media. We did not notice this change until this week. Apple states in the support article that “an intermediate certificate was incorrectly issued by the certificate authority CNNIC. This issue was addressed through the addition of a mechanism to partially trust a CA by trusting only a set of certificates.” This is the same strategy that has been taken by Google and Firefox to block CNNIC.
Apple also published the full domain list signed by CNNIC which might be interesting to researchers.
Microsoft is the only major browser operator left that still trusts CNNIC-issued CAs. Microsoft pointed to a help article when requested for comment. Microsoft didn’t indicate any action against CNNIC in the article. We urge Microsoft to revoke CNNIC following Google, Mozilla and Apple's lead and limit CNNIC's authority to the domain list published by Apple.   https://en.greatfire.org/blog/2015/sep/apple-blocked-cnnic-ca-months-after-mitm-attacks
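The partial-trust allow list and certificate pinning described in the excerpt above, as an added example that is not GreatFire's, Apple's or any browser's code: a constructed trust-store model in which a partially trusted root is accepted only for leaf certificates on an allow list, and a pinned host rejects a certificate for a different key even when a fully trusted root signed it. All CA names, hostnames, keys and byte values are made up.

```python
import hashlib

# Constructed model of a trust store (not Apple's or Mozilla's real format):
# a certificate is a dict with subject, issuer, DER bytes and
# SubjectPublicKeyInfo bytes; the byte values here are made-up stand-ins.

def cert_fingerprint(cert):
    """SHA-256 over the whole certificate, which allow lists key on."""
    return hashlib.sha256(cert["der"]).hexdigest()

def spki_hash(cert):
    """SHA-256 over the public key only, which pins usually match."""
    return hashlib.sha256(cert["spki"]).hexdigest()

def make_cert(subject, issuer, key_tag):
    # Deterministic stand-in bytes so the example runs offline.
    return {"subject": subject, "issuer": issuer,
            "der": f"DER:{subject}|{issuer}|{key_tag}".encode(),
            "spki": f"SPKI:{key_tag}".encode()}

# Constructed store: one fully trusted root, one partially trusted root
# whose leaves are accepted only if on an allow list, and one pinned host.
CNNIC_ROOT = make_cert("CNNIC ROOT", "CNNIC ROOT", "cnnic-key")
EXAMPLE_ROOT = make_cert("Example Root CA", "Example Root CA", "example-key")
ALLOWED_CNNIC_LEAF = make_cert("shop.example.cn", "CNNIC ROOT", "shop-key")
FULL_TRUST = {EXAMPLE_ROOT["subject"]}
PARTIAL_TRUST = {CNNIC_ROOT["subject"]: {cert_fingerprint(ALLOWED_CNNIC_LEAF)}}
PINNED_MAIL = make_cert("mail.example.com", "Example Root CA", "mail-key")
PINS = {"mail.example.com": {spki_hash(PINNED_MAIL)}}

def verify_chain(host, chain):
    """chain is leaf first, root last. Returns (accepted, reason)."""
    for child, parent in zip(chain, chain[1:]):
        if child["issuer"] != parent["subject"]:
            return False, "chain does not link"
    leaf, root = chain[0], chain[-1]
    if leaf["subject"] != host:          # exact match only; no wildcards
        return False, "hostname mismatch"
    # Pins win over the CA hierarchy: a certificate for a pinned host with
    # a different key fails even if a fully trusted root signed it.
    if host in PINS and spki_hash(leaf) not in PINS[host]:
        return False, "pin mismatch"
    if root["subject"] in FULL_TRUST:
        return True, "fully trusted root"
    if root["subject"] in PARTIAL_TRUST:
        if cert_fingerprint(leaf) in PARTIAL_TRUST[root["subject"]]:
            return True, "partially trusted root, leaf on allow list"
        return False, "partially trusted root, leaf not on allow list"
    return False, "untrusted root"
```

The model simplifies real behaviour: pins are matched against the leaf key only, and hostnames are compared exactly.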
.........................................................................................................
http://qz.com/620076/beijing-is-banning-all-foreign-media-from-publishing-online-in-china/
..............................................................................................................................
Apple Pay will help China’s mammoth state banks crush Alibaba offline
But Apple is going to have a huge advantage. A major partner is UnionPay, an offspring of China’s central government, which holds a monopoly on bank card payments for domestic lenders. 19 Chinese banks—including China’s biggest bank, ICBC—announced in December they plan to support Apple Pay.  http://qz.com/618230/apple-pay-will-help-chinas-mammoth-state-banks-crush-alibaba-offline/
.....................................................................................................................