[Safety Knowledge] The domestic iCloud server was attacked by a man-in-the-middle, and the privacy of Chinese Apple users was not guaranteed

Posted on 10/23/2014 7:14:01 PM

On v2ex there is talk of iCloud being hijacked by a man-in-the-middle. I also went to verify it.

iCloud servers were hijacked by an SSL man-in-the-middle, and the privacy of Chinese Apple users was not guaranteed

icloud.com has multiple IPs. On the iCloud servers at https://23.48.140.239 and https://23.13.186.46, the certificate is not replaced. But when accessing https://23.59.94.46/ directly, the certificate was not replaced when connecting from Taiwan, and after switching to a Suzhou Unicom VPN, the certificate was replaced with a self-signed certificate.

This means that iCloud servers are subject to SSL man-in-the-middle hijacking in China, and the privacy of Apple users in China is not guaranteed. If someone is unlucky enough to have the DNS server return this icloud.com IP address and ignores the security warnings on the web page, the username and password entered into iCloud will be obtained by whoever made the self-signed certificate, and the private photos stored in iCloud and the various account passwords in the keychain will be secretly copied by others.

Evidence analysis

Accessing https://23.59.94.46/ directly from a Suzhou IP shows a self-signed security certificate that has not been authenticated by a trusted CA:

This means that the iCloud server accessed by the user is not a real iCloud server, and there is a risk that the account information will be obtained by a third party.

Accessing https://23.59.94.46/ directly from a Taiwan IP shows no problem; the fingerprint of the certificate obtained is consistent with the fingerprint of the real icloud.com certificate:

Visiting the iCloud server at https://23.48.140.239, whether from Taiwan or Suzhou, returns a certificate whose fingerprint matches the fingerprint of the real icloud.com certificate:

The situation for https://23.13.186.46 is the same as for https://23.48.140.239: regardless of whether a Chinese IP is used or not, the fingerprint of the certificate obtained is the same as that of the real icloud.com certificate.


Fingerprint of the real icloud.com certificate:
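Added example, not part of the original post: a Python sketch of the fingerprint comparison described above, which captures the leaf certificate served at a given IP and flags any vantage point whose fingerprint differs from a reference. The function names, the `icloud.com` SNI default and the placeholder certificate bytes are assumptions made for illustration; the sample observations are constructed to mirror the layout of the post's findings.

```python
import hashlib
import socket
import ssl

def fetch_leaf_der(ip, server_name="icloud.com", port=443, timeout=5.0):
    """Return the DER leaf certificate served at `ip`, without validating it.

    Validation is off on purpose: the goal is to capture whatever certificate
    is presented (even a self-signed one) so its fingerprint can be compared.
    Send nothing else over this connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_name) as tls:
            return tls.getpeercert(binary_form=True)

def fingerprint(der):
    """SHA-256 fingerprint, colon-separated as certificate viewers show it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def replaced_certificates(observations, reference_der):
    """List (vantage, ip, fingerprint) for observations that differ from the reference."""
    expected = fingerprint(reference_der)
    return [(vantage, ip, fingerprint(der))
            for (vantage, ip), der in sorted(observations.items())
            if fingerprint(der) != expected]

# Constructed placeholder bytes standing in for DER certificates (not real certs).
GENUINE = b"constructed-placeholder-genuine-leaf"
REPLACED = b"constructed-placeholder-self-signed-leaf"

# Constructed observations laid out like the post's findings; in live use each
# value would come from fetch_leaf_der(ip) run at that vantage point.
SAMPLE = {
    ("Taiwan", "23.48.140.239"): GENUINE,
    ("Suzhou Unicom", "23.48.140.239"): GENUINE,
    ("Taiwan", "23.13.186.46"): GENUINE,
    ("Suzhou Unicom", "23.13.186.46"): GENUINE,
    ("Taiwan", "23.59.94.46"): GENUINE,
    ("Suzhou Unicom", "23.59.94.46"): REPLACED,
}

if __name__ == "__main__":
    for vantage, ip, fp in replaced_certificates(SAMPLE, GENUINE):
        print(f"{ip} seen from {vantage}: certificate differs from reference ({fp})")
```

The reference certificate should be obtained over a path already trusted, since a fingerprint captured on the intercepted path would match the replaced certificate.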





