Apple has announced three new security features designed to protect user data and protect against threats in the cloud, including wider data protections, the ability to verify the identity of contacts and support for third-party security keys.
According to the company, the three new features join a suite of other security tools to make Apple devices “the most secure on the market,” such as custom chips with device encryption and data protections to the recently released Lockdown Mode.
Highlighting the company’s announcement is the introduction of Advanced Data Protection for iCloud, which the company calls its “highest level of cloud data security” that gives users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so it can only be decrypted on users’ trusted devices.
According to Apple, users who opt in can protect most of their iCloud data even in the case of a data breach in the cloud.
While iCloud currently protects 14 sensitive data categories–such as passwords and health data–with end-to-end encryption enabled by default, Advanced Data Protection essentially expands this to 23 data categories, including iCloud Backup, Notes and Photos.
Now, the only major iCloud data categories not covered are iCloud Mail, Contacts and Calendar because of the need to interoperate with global email, contacts and calendar systems, Apple says.
Apple says iMessage Contact Key Verification adds another layer of security to the already end-to-end encrypted iMessage, enabling users more at risk to digital threats to choose to verify that they are communicating with only the people they intend.
According to Apple, the feature will send automatic alerts to users when they are communicating with another user who has the feature enabled in the event of an advanced attack in which a hacker breached cloud servers and inserts their own deice to eavesdrop on encrypted communications.
At a higher level, Apple says iMessage Contact Key allows users to compare a Contact Verification Code in person, on FaceTime or through another secure call.
The company’s new security key feature gives users the choice to make use of third-party hardware security keys to enhance two-factor authentication for their iCloud accounts. The feature is designed for high-profile individuals such as journalists, celebrities, government officials and others.
Users who opt in will have to present a hardware security key as one of the two authentication factors, which the company says can help prevent advanced attackers from stealing a user’s second factor in a phishing scam.
Message Contact Key Verification and Security Keys for Apple ID will be available globally in 2023. Advanced Data Protection for iCloud is available now for members of the company’s beta software program and will be available to U.S. users by the end of the year before a global rollout in early 2023.
Craig Federighi, Apple’s senior vice president of software engineering, says the company constantly identifies and mitigates emerging threats to user data on devices and in the cloud.
“Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications,” Federighi says.
Leave a Reply