Apple is not only doubling down on user and data security, but tripling down. On Wednesday, the Cupertino-based tech giant announced three advanced features geared towards protecting users’ cloud-based data. The new features include iMessage Contact Key Verification, support for physical security keys for Apple ID and Advanced Data Protection for iCloud.
Protecting iMessage Account User and Data Security
In iOS 16, Apple introduced Lockdown Mode to the iPhone. The principle of this feature was to allow someone facing an extraordinary digital threat to more tightly secure their device. This could be a journalist, a human rights activist, a diplomat or some other government official.
The next iteration in that protection is iMessage Contact Key Verification. With this feature, not only are messages end-to-end encrypted, but users can also choose to further confirm their messaging with their intended recipients.
Secure messaging app Signal does something similar already. Users of that platform can generate unique codes to compare with each other, just to make sure an account hasn’t been compromised somehow.
When iMessage Contact Key Verification comes available, this same level of protection will be incorporated into the iPhone’s stock messaging app.
Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications.
Users will also be able to do Contact Verification Code comparison in person, on FaceTime or through another secure call.
Adding Security Keys Alongside Two-Factor Authentication
According to Apple, more than 95% of all active iCloud accounts have turned on two-factor authentication (2FA) since it debuted in 2015. Cupertino will soon enhance this protection with Security Keys.
Using third-party hardware security keys, Apple’s 2FA will get even stronger. It’s become more common for sophisticated hackers to bypass even the toughest software-based 2FA, so adding hardware key support is vital.
When configured, hacking into an Apple ID becomes much more difficult. The user configures a device that either plugs into their iPhone or uses NFC to complete the authentication. Without that hardware key, the login fails.
Stronger, More End-to-End Encryption for iCloud
Finally, Apple announced Advanced Data Protection for iCloud. Currently, 14 sensitive data categories get end-to-end encryption in iCloud. That number is increasing to 23, with end-to-end encryption added to more data categories.
Users already have things like their iCloud Keychain passwords and Health data protected. Once rolled out, users will be able to add end-to-end encryption for their iCloud backups, Notes and Photos.
The only major iCloud data categories that won’t gain the enhanced protection are iCloud Mail, Contacts and Calendar. These features need to interoperate with other email, contact and calendar systems, so further encryption would be difficult, if not impossible.
Availability of Apple’s New User and Data Security Features
Some of these new user and data security features are already rolling out, gradually. Others should come available in 2023. Members of the Apple Beta Software program in the U.S. can already take advantage of Advanced Data Protection for iCloud in the iOS 16.2 Release Candidate.
We expect Advanced Data Protection to be available for all U.S. users on iOS 16.2 next week. The global rollout is slated for early 2023. Apple says iMessage Contact Key Verification will be available globally in 2023. Security Keys for Apple ID should arrive in early 2023.