December 7, 2022
UPDATE
Apple advances user security with powerful new data protections
iMessage Ignition Key Verification, Apple ID Security Keys and Advanced Data Protection for iCloud provide users with important new tools to protect their most sensitive data and communications
Apple today introduced three advanced security features focused on protecting against threats to user data in the cloud, representing the next step in its ongoing efforts to provide users with even more effective ways to protect their data. . With iMessage Contact Key Verification, users can verify that they are only communicating with who they intended. With Apple ID security keys, users have the option of requiring a physical security key to sign in to their Apple ID account. And with Advanced Data Protection for iCloud, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users have the choice to further protect important iCloud data, including iCloud backup, photos, notes, etc.
As threats to user data become more sophisticated and complex, these new features join a suite of other protections that make Apple products the most secure on the market: security built right into our custom chips with the better device encryption and data protections, to features such as lockdown mode, which provides an extreme and optional level of security for users such as journalists, human rights activists and diplomats. Apple is committed to strengthening device and cloud security, and adding new protections over time.
“At Apple, we are unwavering in our commitment to providing our users with the best data security in the world. We are constantly identifying and mitigating emerging threats to their personal data on devices and in the cloud,” said Craig Federighi, senior vice president of software engineering at Apple. “Our security teams work tirelessly to keep user data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most valuable data and communications. sensitive.”
iMessage Ignition Key Check
Apple pioneered the use of end-to-end encryption in consumer communication services with the launch of iMessage, so messages could only be read by the sender and recipients. FaceTime has also used encryption since its launch to keep conversations private and secure. Now, with iMessage Contact Key Verification, users facing extraordinary digital threats – such as journalists, human rights activists and members of government – can choose to further verify that they only communicate with people they want. The vast majority of users will never be targeted by highly sophisticated cyberattacks, but the feature provides an important additional layer of security for those who might be. Conversations between users who have iMessage ignition key verification enabled receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, manages to break into cloud servers and insert their own device to listen to these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a contact verification code in person, on FaceTime, or through another secure call.
Security keys
Apple introduced two-factor authentication for Apple ID in 2015. Today, with over 95% of active iCloud accounts using this protection, it is the most widely used two-factor account security system. in the world to our knowledge. Now, with Security Keys, users will have the option of using third-party hardware security keys to enhance this protection. This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and government officials. For enrolling users, Security Keys augment Apple’s two-factor authentication by requiring a hardware security key as one of two factors. This takes our two-factor authentication one step further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.
Advanced Data Protection for iCloud
For years, Apple has offered industry-leading data security on its devices with Data Protection, the sophisticated file encryption system built into the iPhone, iPad, and Mac. “Apple makes the most secure mobile devices on the market. And now we’re building on that powerful foundation,” said Ivan Krstić, head of engineering and security architecture at Apple. “Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so it cannot be decrypted. only on their trusted devices.” For users who sign up, Advanced Data Protection protects most iCloud data even in the event of a cloud data breach.
iCloud already protects 14 categories of sensitive data using end-to-end encryption by default, including passwords in iCloud Keychain and health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption increases to 23, including iCloud backup, Notes, and Photos. The only major categories of iCloud data that are not covered are iCloud Mail, Contacts, and Calendar due to the need to interact with global mail, contacts, and calendar systems.
Stronger security for user data in the cloud is more urgent than ever, as demonstrated by a new data breach research brief, “The Rising Threat to Consumer Data in the Cloud,” released today. Experts say the total number of data breaches more than tripled between 2013 and 2021, exposing 1.1 billion personal records across the world in 2021 alone. Increasingly, companies in the technology industry are addressing this growing threat by implementing end-to-end encryption in their offerings.
Availablity
- iMessage ignition key verification will be available worldwide in 2023.
- Apple ID security keys will be available worldwide in early 2023.
- Advanced Data Protection for iCloud is available in the US today for members of Apple’s beta software program and will be available to US users by the end of the year. The feature will start rolling out to the rest of the world in early 2023.
- A full technical overview of the optional security enhancements offered by Advanced Data Protection can be found in our platform security guide, as well as the data breach research “The Rising Threat to Consumer Data in the Cloud” by the Dr. Stuart Madnick, professor emeritus at MIT. Sloan School of Management.
Press contacts
Trevor Kincaid
Apple
t_kincaid@apple.com
(202) 281-6403
Shane Bauer
Apple
sa_bauer@apple.com
(512) 966-7192
Apple Media Phone Support
media.help@apple.com
(408) 974-2042
#Apple #advances #user #security #powerful #data #protections