Apple has announced the introduction of three new advanced security features focused on protecting against threats to user data in the cloud.
“At Apple, we are unwavering in our commitment to provide our users with the best data security in the world. We constantly identify and mitigate emerging threats to their personal data on device and in the cloud,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications.”
Apple’s New Security Features
The new security features are:
- iMessage Contact Key Verification
- Security Keys for Apple ID
- Advanced Data Protection for iCloud
iMessage Contact Key Verification
iMessage uses end-to-end encryption so that messages can only be read by the sender and the recipient.
The new “iMessage Contact Key Verification” security feature enhances the protection for “users who face extraordinary digital threats”, such as journalists, human rights activists, and politicians.
They can further verify that they are messaging only with the people they intend.
Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed in breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications.
Security Keys for Apple ID
With “Security Keys”, users will be able to make use of third-party hardware security keys to enhance the existing two-factor authentication in iCloud.
This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government.
For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors.
This takes Apple’s two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.
Advanced Data Protection for iCloud
Advanced Data Protection for iCloud is end-to-end encryption for data that is synced between devices via iCloud. Encrypted data is only decrypted on your devices, so it would not be exposed in the event of an iCloud data breach.
Until now, iCloud protected 14 different data categories in this way, including passwords in iCloud Keychain and Health data. For users who choose to enable Advanced Data Protection, this will rise to 23, including iCloud Backup, Notes, and Photos.
Apple notes that Mail, Contacts, and Calendar are not covered because of the interoperability issues with global systems that would arise.
The most important part of this new protection is iCloud backups, which are basically a copy of everything on your device. Until now, these backups were not end-to-end encrypted. This meant, for example, that Apple could access the data and share it with other entities, such as law enforcement.