2 comments Facebook Twitter Reddit
AppleInsider may earn affiliate commissions for purchases made through links on our site.
Apple has announced a series of three powerful new tools to protect users' most sensitive data in new iCloud and iMessage features that will be rolled out soon. and the end of 2023.
Back in 2015, Apple was beefing up security with two-factor authentication in the App Store. In 2023, it implements three additional security settings for all users.
“Apple makes the most secure mobile devices on the market,” Ivan Krstic, Apple's head of security and architecture, said in a statement. “And now we are building on that powerful foundation.”
“Advanced Data Protection is Apple's highest level of cloud data security,” Krstic continued, “giving users the ability to protect the vast majority of their most important iCloud data with end-to-end encryption so it can only be decrypted on their trusted devices.”
Three new or enhanced Apple data protections:
- iMessage contact key verification (expected in 2023)
- Apple ID security keys ( expected early 2023) )
- Enhanced Data Protection for iCloud (currently in beta, US end 2022, worldwide 2023)
“At Apple, we're unwavering in our commitment to providing our users with the world's best data protection,” said Craig Federighi, Apple's senior vice president of Software Engineering. “We are constantly identifying and addressing emerging threats to their personal data on device and in the cloud.”
“Our security teams work tirelessly to keep users' data safe,” he continued, “and with iMessage contact key verification, security keys, and advanced data protection for iCloud, users get three powerful new tools to further protect their most sensitive data and messages.”
iMessage Contact Key Verification
With optional iMessage Contact Key Verification, Apple says that users who activate it will be warned “if an exceptionally advanced adversary, such as a government-sponsored attacker, ever succeeds in hacking cloud servers and inserting their own device to listen to these encrypted messages.”
The same feature also allows users to compare what Apple calls a contact verification code “in person, over FaceTime, or through another secure call.”
Apple ID Security Keys
This requires the existing two-factor authentication and strengthens it. on the requirement of one of these two factors to be a hardware security key. Users will have the option to use this, and if they choose, they will also have the choice of third-party hardware security keys.
“This feature is intended for users who often face consistent threats to their online accounts, such as celebrities, journalists, and government members, because of their public profile,” Apple said in a statement.
Advanced Data Protection for iCloud
Multiple Data Categories iCloud, such as iCloud Keychain passwords and health information, are already end-to-end encrypted. When the new feature becomes available, users will be able to encrypt 9 more categories.
These new categories include iCloud backup, notes, and photos. Apple notes that only iCloud Mail, Contacts, and Calendar are left without end-to-end encryption, and says this is due to “the need to interoperate with global email, contacts, and calendar systems.”
Why Apple is adding extra security now
The Wall Street Journal's Joanna Stern asked Federighi why Apple decided to do it now when security experts have called for it for years . He replied that Apple is consistently working on this issue.
“Some of the steps we took over a decade ago, and the development of iCloud and the way it was encrypted, were prerequisites by now,” he said, “and the use of end-to-end encryption for other types of data such as like passwords, browser history, etc., help [improve] this technology.”