Date: 2022-12-08

Apple has introduced three important security features to protect customers from theft of sensitive data and account breaches. The new features concern iCloud, Messages and two-factor authentication.

They will arrive in stages, starting in the United States, and then be rolled out globally from early 2023.

More secure iCloud data

The most notable of the new features is the expansion of end-to-end encryption to more of the files and data that users save in iCloud: as of iOS 16.2, iPadOS 16.2 and macOS 13.1, users will be able to enable the Advanced Data Protection option to encrypt a total of 23 categories of data and files, 9 more than currently available.

Currently, end-to-end encryption is already available for data such as Shared Keychain passwords, your health data from the Health app or your Maps history. To these will soon be added the files and contents of iCloud Drive, Notes, Reminders, Photos, Voice Memos, Safari Favorites, Siri Commands, passes saved in Wallet and, above all, the backups of devices and messages, which until now remained the Achilles heel of Apple’s cloud security. For the moment, email, contacts and calendars remain excluded from the list, that is, data that needs to interoperate with global email, contact management, and calendaring systems that aren’t compatible with end-to-end encryption.

Data protected by Advanced Data Protection (ADP) can only be decrypted by the owner’s devices logged into the corresponding iCloud account, and not even Apple will be able to view or retrieve it in any way. This means that users should be especially careful not to lose their logins: if they lose their credentials, iCloud files can only be recovered through devices using their PIN, or through a recovery contact or recovery key, to be generated in advance.

The decision to extend end-to-end encryption to Photos and backups as well coincided with the definitive shelving of plans for secure scanning of iCloud data in search of potential child pornography content (CSAM, in jargon). The initiative, which Apple had clumsily associated with another, much more commendable one for the protection of minors from sexting, had attracted strong criticism because it ran counter to Apple’s policies to protect privacy. “After extensive consultations with experts to gather feedback on the child protection initiatives we proposed last year, we are focusing our investments in the Communication Safety feature that we first made available in December 2021,” the company explained. “We have also decided not to proceed with the previously proposed CSAM detection tool for iCloud Photos. Children can be protected without companies sifting through personal data; we will continue to work with governments, child protection organizations and other companies to help protect children, preserve their right to privacy and make the Internet a safer place for them and for all of us.”

Security keys

During 2023, Apple will also make iPhones and iPads compatible with third-party security keys, such as YubiKey, based on FIDO standards. Physical security keys are small devices, similar to USB thumb drives, that can be used as security tokens for two-factor authentication, instead of a code sent by SMS (a procedure that can hide some pitfalls), by email or to other devices connected to the same account, as is the case for iCloud.

Apple explained that the feature is “designed for users who, due to their public profile, fear complex attacks against their accounts, such as journalists, celebrities, or public officials”. However, nothing prevents anyone from using a physical security key, which costs little, is easy to find and is undoubtedly a more secure tool than sending a code. Once this compatibility is activated in a future version of iOS, users will be able to authenticate with keys equipped with an NFC chip simply by holding them close to the integrated reader on the iPhone and iPad.

Verify contacts’ keys in Messages

Finally, the third security feature announced by Apple concerns Messages: the introduction of verification of contacts’ cryptographic keys in chats. Like WhatsApp or Signal, Messages on iPhone also uses end-to-end encryption to ensure that conversations can only be read by the sender and receiver.

With verification of cryptographic keys integrated into the chat, Messages will display a message if the integrity of the keys of one of the two participants is violated. Here too, Apple specifies that the feature is designed not so much for ordinary users as for those at high risk, who could be victims of particularly complex cyberattacks, including ones aimed at infiltrating their private communications.