Apple vastly expands iCloud data encryption with 3 security updates | Cult of Mac

Apple plans to expand end-to-end encryption for more iCloud services.
Photo: Markus Spiske/Unsplash

Apple said Wednesday users are gaining three new security features to protect their data in the cloud, with some available now and some to come. The overall program is called Advanced Data Protection.

The three new functions to help keep data and communications safe are iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud, the company said.

Apple rolls out iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud

As security threats become more complex, Apple’s new security measures will help users protect important iCloud data like iCloud Backup, Photos, Notes and more, the company said.

It cited the urgent need for data security as shown by a new summary of data-breach research that came out Tuesday, The Rising Threat to Consumer Data in the Cloud. It indicates data breaches more than tripled between 2013 and 2021, exposing more than 1.1 billion personal records across the globe just in that last year, 2021.

“At Apple, we are unwavering in our commitment to provide our users with the best data security in the world. We constantly identify and mitigate emerging threats to their personal data on device and in the cloud,” said Craig Federighi, Apple’s senior vice president of Software Engineering.

“Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications.”

3 new features:

  • Apple noted iMessage Contact Key Verification helps users verify who they communicate with. Coming worldwide in 2023.
  • Security Keys for Apple ID gives users the choice to require a physical key to sign in to their Apple ID account. Coming worldwide in early 2023.
  • And Advanced Data Protection for iCloud employs end-to-end encryption to provide Apple’s highest level of cloud data security. “Available in the U.S. today for members of the Apple Beta Software Program, and will be available to U.S. users by the end of the year. The feature will start rolling out to the rest of the world in early 2023,” Apple said.

The features join others that have bolstered Apple’s reputation for solid data protection. Those include security built directly into “custom chips with best-in-class device encryption and data protections, to features like Lockdown Mode, which offers an extreme, optional level of security for users such as journalists, human rights activists, and diplomats,” Apple said.

Here’s how the Cupertino tech giant describes each of the three features:

iMessage Contact Key Verification

This feature helps make sure you’re communicating with whom you think you’re communicating.
Photo: Apple

Apple pioneered the use of end-to-end encryption in consumer communication services with the launch of iMessage, so that messages could only be read by the sender and recipients. FaceTime has also used encryption since launch to keep conversations private and secure. Now with iMessage Contact Key Verification, users who face extraordinary digital threats — such as journalists, human rights activists, and members of government — can choose to further verify that they are messaging only with the people they intend.

The vast majority of users will never be targeted by highly sophisticated cyberattacks, but the feature provides an important additional layer of security for those who might be. Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.

Security Keys

Security Keys for Apple ID offers a choice to require a physical security key to sign in to an Apple ID account.
Photo: Apple

Apple introduced two-factor authentication for Apple ID in 2015. Today, with more than 95 percent of active iCloud accounts using this protection, it is the most widely used two-factor account security system in the world that we’re aware of. Now with Security Keys, users will have the choice to make use of third-party hardware security keys to enhance this protection.

This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government. For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.

Advanced Data Protection for iCloud

Advanced Data Protection for iCloud uses end-to-end encryption.
Photo: Apple

“Apple makes the most secure mobile devices on the market. And now, we are building on that powerful foundation,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture. “Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.” For users who opt in, Advanced Data Protection keeps most iCloud data protected even in the case of a data breach in the cloud.

iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.

Apple said a technical overview of the optional security enhancements its Advanced Data Protection features offer can be found in its Platform Security Guide.