Apple Expands iCloud Backup End-to-End Encryption: Today, Apple announced that it will be enhancing the security of its iCloud service by introducing end-to-end encryption. The company already provides this essential security feature for certain data in its cloud platform, such as passwords, credit card and other payment data, and health data; however, it will provide the option to extend the protection to other sensitive information, such as photos, notes, and, most importantly, iCloud backups. Users who are part of Apple’s Beta Software Program can now try out the new Advanced Data Protection for iCloud function. By the end of this year, it will be accessible to all users in the United States, and by early 2023, it will begin rolling out internationally.
This is just one of the company’s many recent security-related announcements. To better secure your Apple ID, Apple will begin accepting physical keys for two-factor authentication in the first quarter of 2019. Additionally, later this year, the business will release a new iMessage feature called Contact Key Verification, which will alert users if an outside party has hacked the iMessage infrastructure and ensure that they are conversing with the correct person.
As “threats to user data become increasingly sophisticated and complex,” Apple announced the new releases today. As of a January earnings call, there were 1.8 billion Apple products in use around the world. According to an Apple representative who spoke with WIRED, cloud security concerns are on the rise across industries, and it is evident that cloud data is more vulnerable to intrusion than local data.
According to research conducted on behalf of Apple in 2021, 1.1 billion records were compromised in data breaches all around the world. Lockdown Mode is a new security feature in iOS and macOS that was introduced by Apple earlier this year to protect users from sophisticated, targeted cyberattacks. Apple previously believed that its security measures should be robust enough to defend all users without further add-ons, thus this move represented a shift from that stance.
Completely Secure iCloud Backups (With a Few Exceptions)
Apple pioneered the use of end-to-end encryption with the release of iMessage in 2011. Technological behemoths like Meta and Google are still striving to convert some of their popular chat services to incorporate the capability. With end-to-end encryption, only you and the other owners (such as other members of a group chat) will be able to access the data, no matter where it is stored. However, not all Apple products apply the safeguard, and iCloud backups are an especially egregious omission. Due to the lack of end-to-end encryption, Apple could potentially access this data—basically a copy of everything on your device—and share it with third parties such as law enforcement.
It was possible for users to accidentally expose data they didn’t mean to in iCloud backups, despite Apple adding particular workarounds, such as Messages in iCloud, to secure end-to-end encrypted data. Apple’s local backup alternatives have been relied on for years by users who sought to avoid these dangers. Apple told WIRED it will keep supporting local backups for iOS and macOS because it believes in the concept, but it is hoping that the addition of end-to-end encryption to iCloud will convince people who have been on the fence to make the switch.
Enhanced end-to-end encryption would safeguard user information even if Apple were to be compromised. According to WIRED, an Apple spokesperson claims that the business has never heard of any user’s iCloud data being compromised due to a server breach. But he emphasised that Apple’s infrastructure, like that of all major cloud providers, is under constant attack.
Enabling Advanced Data Protection in iCloud is a preference that users can express. In the event that you lose the devices on which your recovery contact or recovery key is saved, this feature will walk you through the steps necessary to regain access to your iCloud data. While this may make using iCloud a little less seamless in some cases, it is conceptually quite similar to the tried-and-true method of backing up your device on an external hard drive. The backups on the hard drive are useless if you lose or damage it, or if you forget the password you set.
Apple warns that even with Advanced Data Protection for iCloud enabled, end-to-end encryption will not be provided for contacts, emails, and calendar information. According to the business, these three are particularly challenging to secure because they all depend on compatibility with legacy protocols and a wide variety of other software. Apple doesn’t want to interfere with your preferred email or calendar programme. However, the data in these three buckets is extremely sensitive and should be treated as such. In response to a question about whether iCloud messages will ever be end-to-end encrypted, an Apple spokesman stated the company had made no such statements at this time but was constantly trying to improve the service.
The use of physical keys increases Apple ID’s security.
Users will also be pleased to hear that Apple ID now works with physical authentication keys. New Apple IDs must now employ two-factor authentication, and Apple claims that 95% of its users have this security setting enabled. On the other hand, hardware tokens are more secure than two-factor authentication codes since users cannot be duped into giving them to attackers. Apple has stated that it will accept FIDO-certified hardware keys because it is a member of the FIDO Alliance, which creates authentication standards.
Apple has been working to add hardware keys for some time, according to a representative who spoke with WIRED, but the business was worried about the difficulty of implementation and user adoption until the most current version of FIDO standards. The corporation, according to the spokesman, is driven by growing risks and increasing ease of access to the keys. It wasn’t until 2019 that, for example, YubiKey, a popular hardware token manufacturer, received Apple’s clearance to produce hardware keys with Lightning adapters for iOS devices.
IMessage Borrows Ideas From Signal
The new iMessage Contact Key Verification feature provides a method for users to confirm that the person they are speaking with is actually the intended receiver, and it is an opt-in security measure. Akin to the Contact Verification Code provided by the secure messaging software Signal, iMessage Contact Key Verification allows users to verify the identity of their digital contact in a trusted manner by comparing two unique codes. For example, if you want to double-check that you’re chatting with your actual cousin, you may give her a call and request that she provide you with the contact verification number. All is well if the codes check out. If they don’t match, it’s possible that a scammer is pretending to be your relative online.
The functionality also provides an automatic alert mechanism for consumers in the event if a party other than Apple compromises the iMessage infrastructure in order to specifically target user messages. A complex and expensive attack like this, in which a hacker joins an end-to-end encrypted chat as an invisible lurker, would be incredibly useful to a malicious actor, but it would also pose a significant risk to the users involved. However, the new warning function may make such a concession less appealing by reducing the opportunity for attackers to lurk and eavesdrop undetected.
All all, these improvements are huge for Apple’s users’ safety, but many of them were overdue on the company’s security to-do list.
- What Are the Differences Between Day Trading and Swing Trading?
- Nothing Looks to the Us for the Next Phone Launch: but There Are Significant Impediments
- Us Security Update for Samsung Galaxy Z Fold 4 in 2022
- Radeon Rx 7900 China Launch Delayed Reportedly Due to Tensions With Taiwan