
New iCloud, Apple ID, and iMessage security features from Apple


On Wednesday, Apple made a number of security updates, one of which was an Advanced Data Protection setting that made it possible to back up data in its iCloud service with end-to-end encryption (E2EE).

When activated, the main feature is expected to use E2EE to protect 23 types of data, including backups of devices and messages, iCloud Drive, notes, photos, reminders, voice memos, bookmarks for Safari, shortcuts for Siri, and Wallet Passes.

According to the manufacturer of the iPhone, the “need to interoperate with the global email, contacts, and calendar systems” that utilize legacy technologies means that the only major iCloud data categories that are still not protected by E2EE are Mail, Contacts, and Calendar.

With Advanced Data Protection’s E2EE protections for iCloud, users’ personal data can only be decrypted on trusted devices that still have the encryption keys.
Apple explains this in a support document: “If you enable Advanced Data Protection and then lose access to your account, Apple will not have the encryption keys to help you recover it. You will need to use your device passcode or password, a recovery contact, or a personal recovery key.”

Apple has responded to a persistent criticism that it holds the encryption keys to iCloud backups, making the data susceptible to data breaches, requests from law enforcement, and even Apple’s own employees.

Encryption’s use to protect user data has been inextricably linked to a problem known as “going dark,” in which government agencies are unable to gather digital evidence supporting serious crimes and other criminal investigations.

Alongside the announcement of expanded end-to-end encryption, Cupertino confirmed that it has abandoned its contentious plans for scanning messages for child sexual abuse material (CSAM) stored in iCloud Photos, according to reports from The Wall Street Journal and WIRED.

Craig Federighi, Apple’s senior vice president of software engineering, was quoted as saying, “Child sexual abuse can be prevented before it occurs. That is where we will focus our efforts moving forward.”

As part of a related security-themed upgrade, Apple is introducing a new iMessage security feature called Contact Key Verification so that users can ensure that “they are messaging only with the people they intend.” In addition, Apple is expanding two-factor authentication for Apple ID by adding support for hardware security keys.

The functionality, primarily aimed at journalists, human rights activists, and members of the government, is designed to send automatic alerts if a nation-state adversary successfully breaches Apple’s cloud infrastructure and adds a rogue Apple device to eavesdrop on encrypted communications.

In a manner similar to a feature in Signal, the tech giant stated, “And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.”

However, it is important to note that iMessage is an instant messaging platform that is only available within the Apple ecosystem and is not compatible with other major operating systems like Windows or Android.

Because of these lock-in barriers, the new security measures no longer apply when communicating with Android smartphone users. Instead, Apple’s Messages app sends the chat content as standard, unencrypted SMS messages.

Apple, for its part, has dismissed updating SMS/MMS to RCS, a better messaging standard with E2EE, high-quality media sharing, read receipts, and typing indicators.

Nearly three months ago, Apple introduced another optional feature called Lockdown Mode to safeguard iPhones and other Apple products against state-backed hackers and commercial spyware intrusions.

Advanced Data Protection for iCloud is expected to be available to U.S. users before the end of the year with iOS 16.2, iPadOS 16.2, and macOS 13.1. Along with Security Keys for Apple ID and iMessage Contact Key Verification, the feature is scheduled to be made available to all users worldwide in 2023.

In an effort to reduce spam, the upcoming iOS 16.2 update will also enforce an AirDrop restriction that was first implemented in China with iOS 16.1.1. This restriction limits wireless transfers from non-contacts within close proximity to ten minutes.
