December 7, 2022
update
Apple Improves User Security with Powerful New Data Protection
iMessage Contact Key Verification, Apple ID Security Keys, and iCloud Advanced Data Protection give users important new tools to protect their most sensitive data and communications.
Apple today introduced three advanced security features focused on protecting against threats to user data in the cloud. This represents the next step in our ongoing commitment to providing users with even stronger ways to protect their data. With iMessage Contact Key Verification, users can be sure that they are only communicating with the intended audience. With Apple ID Security Keys, a user can choose whether to require a physical security key to sign in to her Apple ID account. And with iCloud’s Advanced Data Protection, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users can further protect important iCloud data, including iCloud backups, photos, notes, and more. you can get a choice.
As threats to user data become more sophisticated and complex, these new features make Apple products the most secure on the market, from security built right into custom chips with best-in-class device encryption and data. It joins other protection suites that make Even features like lockdown mode provide extreme optional levels of security for users such as journalists, human rights activists, and diplomats. Apple is committed to improving both device and cloud security, adding new protections over time.
“At Apple, we remain committed to providing our users with the best data security in the world. We constantly identify and mitigate new threats to personal data on devices and in the cloud,” said Apple Software Engineering. Senior Vice President, Craig Federighi said. “Our security team works tirelessly to keep our users’ data safe. With iMessage Contact Key Verification, Security Keys, and iCloud’s advanced data protection, users can keep their most sensitive data safe and secure. You get three powerful new tools to further secure your communications.”
iMessage contact key verification
Apple pioneered the use of end-to-end encryption in consumer communication services with the launch of iMessage, ensuring messages can only be read by the sender and recipient. FaceTime has also used encryption since its inception to keep conversations private and secure. With iMessage Contact Key Verification, users facing extraordinary digital threats, such as journalists, human rights activists and government officials, can choose to further verify that they are only messaging with the intended audience. . While the vast majority of users will never be targeted by sophisticated cyber-attacks, this feature provides an important additional layer of security for those who may. Conversations between users who have iMessage contact key verification enabled can be compromised by a very sophisticated attacker, such as a state-sponsored attacker, who can compromise his servers in the cloud and insert his own device into these encrypted communications. Receive automatic alerts when someone successfully eavesdrops on For added security, iMessage Contact Key Verification users can compare contact verification codes in person, FaceTime, or through another secure call.
security key
Apple introduced two-factor authentication for Apple IDs in 2015. Today, over 95% of active iCloud accounts use this protection, making it the most widely used two-factor account security system in the world that we know of. Security Keys allows users to choose whether to use third-party hardware security keys to enhance this protection. This feature is designed for users such as celebrities, journalists, and government officials who face joint threats to their online accounts due to public profiles. For users who opt-in, Security Keys enhances his two-factor authentication with Apple by requiring a hardware security key as one of the two factors. This takes two-factor authentication a step further, making it impossible for even sophisticated attackers to obtain a user’s girlfriend’s second factor with a phishing scam.
Advanced data protection for iCloud
For years, Apple has provided industry-leading data security for its devices with Data Protection, an advanced file encryption system built into iPhones, iPads, and Macs. “Apple makes the most secure mobile devices on the market, and now we are building on that strong foundation,” said Ivan Krstić, head of security engineering and architecture at Apple. says. “Advanced Data Protection is Apple’s highest level of cloud data security, giving you the option to secure most of your most sensitive iCloud data with end-to-end encryption and decryption only on trusted devices. For users who opt-in, Advanced Data Protection protects most of their iCloud data, even in the event of a data breach in the cloud.
iCloud already uses end-to-end encryption by default to protect 14 sensitive data categories, including iCloud Keychain passwords and health data. For users with Advanced Data Protection enabled, the total number of data categories protected using end-to-end encryption increases to 23, including iCloud backups, notes, and photos. The only major iCloud data categories not covered are iCloud Mail, Contacts, and Calendars, as they must interoperate with global email, contacts, and calendar systems.
Enhancing the security of user data in the cloud is more urgent than ever, as demonstrated in a new summary of data breach investigations released today, “The Growing Threats to Consumer Data in the Cloud.” Experts say the total number of data breaches more than tripled between 2013 and 2021, exposing 1.1 billion personal records worldwide in 2021 alone. Across the technology industry, more and more companies are addressing this growing threat by implementing end-to-end encryption in their products.
availability
- iMessage Contact Key Verification is expected to be available globally in 2023.
- Apple ID security keys will be available worldwide in early 2023.
- Advanced Data Protection for iCloud is available now in the US for members of the Apple Beta Software Program and will be available to US users by the end of the year. This feature is expected to begin rolling out globally in early 2023.
- A complete technical overview of the optional security enhancements provided by Advanced Data Protection can be found in the Platform Security Guide, along with the data breach study “The Growing Threats to Consumer Data in the Cloud” by MIT Professor Emeritus Dr. Stuart Madnick. I’m here. Sloan School of Management.
press contact
Apple Media Helpline
media.help@apple.com