Apple adds trio of powerful personal security tools to protect your cloud
Apple has introduced three powerful new data protection tools: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. The whole notion here is to give users even stronger protections for their data.
Securing the cloud
What’s important about these protections is that they aim to secure data stored in the cloud.
- iMessage Contact Key Verification means users can verify they are communicating only with whom they intend. This will be available globally in 2023.
- Security Keys for Apple ID gives users the choice to require a physical security key to sign in to their Apple ID account. Available globally in early 2023.
- Advanced Data Protection for iCloud uses end-to-end encryption users can put in place to further protect important iCloud data, including iCloud Backup, Photos, Notes, and more. This is available in the US today for members of the Apple Beta Software Program and will be available to US users by the end of the year. The feature will start rolling out worldwide in early 2023.
The background to these tools is Apple’s recognition of the increasingly complex and murky nature of the threat that exists against user data. Attacks are becoming more complex; nation states are involved and not everyone respects the right to privacy.
These tools also let Apple claim to offer the most secure products on the market, from the on-chip security to encryption and data protection, all supplemented by things like Lockdown Mode.
In a newly published report made available by Apple, experts say the total number of data breaches more than tripled between 2013 and 2021, exposing 1.1 billion personal records across the globe in 2021 alone. Increasingly, companies across the tech industry are addressing this growing threat by implementing end-to-end encryption in their solutions.
What Apple said
“At Apple, we are unwavering in our commitment to provide our users with the best data security in the world. We constantly identify and mitigate emerging threats to their personal data on device and in the cloud,” said Craig Federighi, Apple’s senior vice president of Software Engineering.
“Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications.”
What is iMessage Contact Key Verification?
iMessage Contact Key Verification lets users who face extraordinary digital threats — such as journalists, human rights activists, and members of government — choose to further verify that they are messaging only with the people they intend.
The vast majority of users will never be targeted by highly sophisticated cyberattacks, but the feature provides an important additional layer of security for those who might be.
Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.
Available 2023.
What are Security Keys?
Apple introduced two-factor authentication for Apple ID in 2015.
Today, with more than 95 percent of active iCloud accounts using this protection, it is the most widely used two-factor account security system in the world as far as Apple knows.
Security Keys lets users also use third-party hardware security keys to enhance this protection. This hardens Apple’s existing two-factor authentication by requiring a hardware security key as one of the two factors.
“This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam,” the company said.
This feature is also designed for high profile targets. It will be made available to users in early 2023.
What is Advanced Data Protection for iCloud?
iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data.
Advanced Data Protection raises the number of protected data categories to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.
“Apple makes the most secure mobile devices on the market. And now, we are building on that powerful foundation,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture.
“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”
[Also read: Apple launches security portal, blog and more]
For users who opt in, Advanced Data Protection keeps most iCloud data protected even in the case of a data breach in the cloud.
Advanced Data Protection for iCloud is available now to members of the Apple Beta Software Program in the US, will be made widely available in the US later this year, and will begin to be made available internationally in 2023.
A complete technical overview of the optional security enhancements offered by Advanced Data Protection can be found in Apple’s Platform Security Guide, along with data breach research “The Rising Threat to Consumer Data in the Cloud” by Dr. Stuart Madnick, professor emeritus at MIT Sloan School of Management.
Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.