December 7, 2022
renew
Apple improves user security with strong new data protection measures
iMessage Contact Key Verification, Apple ID Security Key and iCloud Advanced Data Protection Give Users Important New Tools to Protect Their Most Sensitive Data and Communications
Apple today introduced three advanced security features focused on protecting user data in the cloud from threats, the next step in its ongoing effort to give users stronger ways to protect their data. With iMessage Contact Key Authentication, users can verify that they only communicate with the people they want. With the Apple ID Security Key, users can choose whether to require a physical security key to log in to their Apple ID account. With iCloud Advanced Data Protection, which uses end-to-end encryption to provide Apple’s highest level of cloud data security, users can choose to further protect important iCloud data, including iCloud backups, photos, notes and more.
As threats to user data become more sophisticated and sophisticated, these new features join a host of other protections that make Apple products some of the most secure on the market: from security built directly into our custom silicon, From top-notch device encryption and data protection, to features like Lockdown Mode, it offers an extreme, optional level of security for users like journalists, human rights activists, and diplomats. Apple is committed to strengthening device and cloud security and adding new protections over time.
“At Apple, we are unwavering in our commitment to providing our users with the world’s best data security. We continually identify and mitigate new threats to their personal data on devices and in the cloud,” said Apple Senior Vice President of Software Engineering. President Craig Federighi said. “Our security team has worked tirelessly to keep our users’ data safe, and with iMessage Contact Key Verification, Security Key, and iCloud Advanced Data Protection, users will have three powerful new tools to further protect their most sensitive data and communication.”
iMessage Contact Key Verification
With the introduction of iMessage, Apple pioneered the use of end-to-end encryption in a consumer communications service so that messages can only be read by the sender and receiver. Since its launch, FaceTime has also used encryption to keep conversations private and secure. Now, with iMessage Contact Key Verification, users facing extraordinary digital threats such as journalists, human rights activists and members of government can choose to further verify that they only message with the people they want. The vast majority of users will never be the target of a highly sophisticated cyber attack, but the feature provides an important additional layer of security for those who do. Conversations between users with iMessage Contact Key authentication enabled would be automatically alerted if a particularly sophisticated adversary, such as a state-backed attacker, managed to break into a cloud server and plug in their own devices to eavesdrop on those encrypted communications. For extra security, iMessage Contact Key Verification users can compare contact verification codes in person, over FaceTime, or through other secure calls.
security key
Apple introduced Apple ID two-factor authentication in 2015. Today, over 95% of active iCloud accounts use this protection, making it the most widely used dual account security system in the world that we know of. Now with Security Keys, users have the option to enhance this protection with a third-party hardware security key. This feature is designed for users such as celebrities, journalists, and members of the government who regularly face threats to their online accounts due to their public image. For opt-in users, Security Key strengthens Apple’s two-factor authentication by requiring a hardware security key as one of two factors. This takes our two-factor authentication one step further and even prevents advanced attackers from gaining users’ second factors in phishing scams.
iCloud Advanced Data Protection
For years, Apple has provided its devices with industry-leading data security through Data Guard, a sophisticated file encryption system built into iPhone, iPad, and Mac. “Apple makes the most secure mobile devices on the market. And now we’re building on that strong foundation,” said Ivan Krstić, Apple’s Director of Security Engineering and Architecture. “Advanced Data Protection is Apple’s highest level of cloud data security, giving users the option to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on devices they trust.” For opt-in users , Advanced Data Protection protects most of your iCloud data even in the event of a data breach in the cloud.
iCloud already protects 14 categories of sensitive data with end-to-end encryption by default, including passwords and health data in iCloud Keychain. For users with Advanced Data Protection enabled, the total number of data categories protected with end-to-end encryption increases to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories not covered are iCloud Mail, Contacts, and Calendar due to the need to interoperate with the global email, contacts, and calendar systems.
The need to enhance the security of user data in the cloud is more urgent than ever, as evidenced by a new summary of data breach research, “Growing Threats to Consumer Data in the Cloud,” released today. The total number of data breaches has more than tripled from 2013 to 2021, with 1.1 billion personal records compromised globally in 2021 alone, experts say. A growing number of technology industry companies are addressing this growing threat by implementing end-to-end encryption in their products.
availability
- iMessage Contact Key Verification will be available globally in 2023.
- Apple ID Security Keys will be available globally in early 2023.
- Advanced Data Protection for iCloud is available today in the US to members of the Apple Beta Software Program and will be available to US users later this year. The feature will begin rolling out to the rest of the world in early 2023.
- A full technical overview of the optional security enhancements offered by Advanced Data Protection can be found in our Platform Security Guide, as well as MIT Professor Emeritus Dr. Stuart Madnick’s data breach study “The Growing Threat to Consumer Data in the Cloud” “Sloan School of Management.
press contact
Trevor Kincaid
apple
t_kincaid@apple.com
(202) 281-6403
sean ball
apple
sa_bauer@apple.com
(512) 966-7192
Apple Media Helpline
media.help@apple.com
(408) 974-2042