Apple announces full iCloud encryption is coming alongside other new security tools
For the first time, Apple will soon offer full encryption for iCloud. It’s just one of the new security-based features the iPhone maker surprisingly announced on Wednesday.
In a press release, Apple introduced three advanced security features: iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud. Each of the services is expected to launch sometime in 2023.
As the Washington Post quickly noted following this news, these changes will effectively put Apple’s cloud storage system “out of reach of most hackers, spies and law enforcement.”
A lot to unpack
With iMessage Contact Key Verification, Apple promises users will soon be able to verify they are communicating only with whom they intend. The new technology is ideally suited for anyone who faces “extraordinary digital threats,” such as human rights activists, journalists, and government officials, although anyone can use the verification tool.
Apple explains: “Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.”
Meanwhile, the new Security Keys feature will allow users to add third-party hardware security keys to further strengthen Apple’s two-factor authentication system for Apple ID.
Per Apple: “For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.”
Finally, the most controversial of the announced services is Advanced Data Protection for iCloud. The technology will protect most iCloud data even when there’s a data breach in the cloud.
According to Ivan Krstić, Apple’s head of Security Engineering and Architecture, “Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”
iCloud currently protects 14 sensitive data categories with end-to-end encryption. These include passwords in iCloud Keychain and Health data. With Advanced Data Protection, this number will jump to 23 and (finally) include iCloud Backup, Notes, and Photos.
Apple explains, “The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.”
In announcing today’s news, Craig Federighi, Apple’s senior vice president of Software Engineering, says, “Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys, and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications.”
The new services will launch at different times. Apple says iMessage Contact Key Verification “will be available globally in 2023,” while Security Keys for Apple ID will arrive in “early 2023.”
Beginning today, only members of the Apple Beta Software Program in the U.S. will be able to use Advanced Data Protection. It arrives for everyone else in the U.S. before the end of the month. The rest of the world will get its hands on the feature in “early 2023.”