AUDIE CORNISH, HOST:
Apple CEO Tim Cook is in China today, where he spoke with government officials about data security and privacy. That's according to China's official news agency. The meeting follows an attack against iCloud users in China. Hackers were able to get user data by intercepting traffic on the Internet. They did not break into Apple's servers.
NPR's Aarti Shahani explains how it happened.
AARTI SHAHANI, BYLINE: The attack coincided with the launch of the new iPhone 6. As for the perpetrator, a nonprofit watchdog called GreatFire alleges the Chinese government was behind it. China denies that and Apple in its statement does not name a culprit, but the attack has a name.
ZACHARY ALLEN: Man in the Middle Attack.
SHAHANI: Zachary Allen is lead researcher at the security firm ZeroFOX.
ALLEN: Imagine someone running a post office and they're managing all of the letters that go in and out of that post office. A man in the middle attack is someone running or taking over one of those post offices and they can take your envelopes that you're sending out to your family or your friends and put them somewhere else.
SHAHANI: Or they can open up the letter, change it, reseal it and then send it back out and the sender wouldn't have a clue. The end goal could be to steal information to change information. The perpetrator could be one person or many people.
ALLEN: We've seen criminal organizations, we've seen disgruntled employees. It can also be nation-state actors.
SHAHANI: The attack is really different from say, a virus that gets into a single document. It's more sophisticated. The Internet is a bunch of interconnected routers. With Man in the Middle, the attacker takes over a router and can watch all the traffic - text messages, emails, iCloud logins - to decide what's worth stealing.
ALLEN: These routers help get you from where you are to a destination. If you managed to compromise one of those routers, any traffic that flows through that, you control.
SHAHANI: Apple's new iPhone is in fact more secure than previous ones. The physical hardware itself is harder to hack into. So according to experts, these kinds of attacks that target weak links in the transfer of data on the Cloud will become more common. Apple is advising concerned customers to read the warnings that pop up in web browsers. So if you see a strange request for permission or a certificate at the iCloud login, don't just click OK.
Aarti Shahani, NPR News, San Francisco.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.