Apple introduced today Advanced Data Protection for iCloud, a new feature that uses end-to-end encryption to protect sensitive iCloud data, including backups, photos, notes, and more.
For customers who choose to enable this new security feature, Advanced Data Protection is designed to safeguard “most iCloud data even in the case of a data breach in the cloud” by ensuring that encrypted cloud data can only be decrypted on the users’ trusted devices.
Those who opt-in will first be prompted to choose an alternate recovery method (the device passcode or password, a recovery contact, or a personal recovery key) required if they lose access to their Apple account. This is needed because Apple will not have the decryption keys to recover the data.
The data types protected using end-to-end encryption include device and message backups, iCloud Drive, Photos, Notes, Reminders, Safari bookmarks, Wallet passes, voice memos, Siri shortcuts, and more.
iCloud Mail, Contacts, and Calendar data will not be encrypted because it’s needed to communicate with other email, contacts, and calendar systems.
“Starting with iOS 16.2, iPadOS 16.2 and macOS 13.1, you can choose to enable Advanced Data Protection to protect the vast majority of your iCloud data, even in the case of a data breach in the cloud,” Apple explains on its support website.
The ability to opt-in to encrypted iCloud backups is a really big win for users and bad news for law enforcement, who loved to request iCloud backups to save them the trouble of breaking into a phone.
— Eva (@evacide) December 7, 2022
Users can also toggle off backup encryption at any time, and their devices will securely upload the encryption keys to Apple servers (their accounts will automatically switch back to standard data protection).
Advanced Data Protection is already available in the U.S. for customers enrolled in Apple’s Beta Software Program and will be available to all U.S. later this month. It will start rolling out for users outside the U.S. in early 2023.
“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture.
Apple also introduced two additional security features today: iMessage Contact Key Verification and Security Keys for Apple ID.
The first enables iMessage users to verify the identity of the people on the other end, and it alerts them if a threat actor manages to add their own device into the conversation to snoop on their encrypted communication channel.
“Now with iMessage Contact Key Verification, users who face extraordinary digital threats — such as journalists, human rights activists, and members of government — can choose to further verify that they are messaging only with the people they intend,” Apple said.
The second allows Apple customers to set up their Apple ID account to require a physical security key to finish the sign-in process.
“This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government,” Apple added.
Today’s announcement follows the iOS 16 release in September, when Apple introduced more features to boost iPhone users’ security and privacy, including Lockdown Mode and Security Check.
First unveiled in July, Lockdown Mode defends high-risk individuals such as human rights defenders, journalists, and dissidents from “extremely rare and highly sophisticated cyber attacks” like targeted deployments of mercenary spyware.
On the other hand, the Safety Check privacy tool provides users whose personal safety is in immediate danger with an emergency reset for their account security and privacy permissions to block those they no longer want to be connected to.
Source: www.bleepingcomputer.com