
Apple announces 3 new security features

Apple has announced three new security features focused on protecting user data in the cloud: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud.

iMessage Contact Key Verification and Security Keys for Apple ID will be available globally in 2023. Advanced Data Protection for iCloud is available in the US today for members of the Apple Beta Software Program, and will be available to US users by the end of the year. The feature will start rolling out to the rest of the world in early 2023.

3 new features

iMessage Contact Key Verification

Apple’s messaging app, iMessage, already uses end-to-end encryption so that messages can only be read by the sender and recipients. Its new iMessage Contact Key Verification ramps up the protection for “users who face extraordinary digital threats”, such as journalists, human rights activists, and politicians.

Users who have enabled iMessage Contact Key Verification receive automatic alerts in their conversations if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed in breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications.

Security Keys for Apple ID

In what can be considered another step towards a password-less future, Security Keys for Apple ID will give users the choice to use third-party hardware security keys. A hardware security key uses public-key cryptography to authenticate a user, and is much harder to defeat than other forms of authentication, such as passwords, or codes sent by SMS or generated by apps.

For users who opt in, Security Keys strengthen Apple’s two-factor authentication by requiring a hardware security key as one of the two factors.

This new Apple ID support for physical authentication keys is another feature long-sought by users and announced months ago in cooperation with Google and Microsoft.

Advanced Data Protection for iCloud

Advanced Data Protection for iCloud is end-to-end encryption for data that is synced between devices via iCloud. Encrypted data is only decrypted on your devices, so it would not be exposed in the event of an iCloud data breach.

It isn’t new, nor is it complete, but it now covers more kinds of data. Until now, iCloud protected 14 different data categories in this way, including passwords in iCloud Keychain, and Health data. For those users that choose to enable Advanced Data Protection, this will rise to 23, including iCloud Backup, Notes, and Photos.

Apple notes that Mail, Contacts, and Calendar are not covered because doing so would cause interoperability issues with global systems.

Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.

The most important part of this new protection is iCloud backups, which are basically a copy of everything on your device. So far, these backups weren’t end-to-end encrypted, which meant, for example, that Apple could access the data and share it with other entities, like law enforcement.

EFF reaction

The Electronic Frontier Foundation (EFF), which has been campaigning for this option, seems pleased. It applauds Apple for listening to experts, child advocates, and users who want to protect their most sensitive data. It points out that user data will be protected even if there is a data breach in the cloud, a government demand, or a breach from within Apple (such as a rogue employee).

Malwarebytes’ Director of Core Technology, and authority on everything Apple, Thomas Reed is equally happy with the new features, although he fears that the use of hardware keys as a new option for MFA is not something the average user will ever appreciate. He’s really happy with the Advanced Data Protection feature.

I’ve never been comfortable with putting my iPhone backups in iCloud, for example, but with this change I may start doing so.



ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.