Apple has unveiled plans to let users choose to encrypt their iCloud backups in a move that will thwart hackers – and also impose limits on law enforcement requests for user data.
The new Advanced Data Protection feature for iCloud will allow users to encrypt data on Apple’s servers and thereby prevent Apple from accessing a user’s content. New content types that support end-to-end encryption (E2EE) include iCloud backups, notes, and photos.
This expands the 14 data categories that are protected by default by E2EE, such as iCloud Keychain, Health data, Messages in iCloud, Maps, Safari History. Now the categories have grown to 23.
As Apple notes, with Advanced Data Protection, only a user’s trusted devices have access to these categories of data. It will protect user content even in the event that attackers compromise iCloud servers.
Advanced Data Protection for iCloud will be available to US users by the end of the year. It will start rolling out to the rest of the world in early 2023. The option will be available in iOS 16.2, iPadOS 16.2, and macOS 13.1 which will be released soon.
“Apple makes the most secure mobile devices on the market. And now we’re building on that powerful foundation,” Ivan Krstić, Apple’s head of engineering and security architecture, said in a statement.
“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices.”
Digital rights group the Electronic Frontier Foundation (EFF) has welcomed E2EE iCloud backups, something it has long campaigned for. Apple chief Tim Cook previously explained that Apple did not encrypt iCloud backups because users sometimes lose their private key and then seek Apple’s help in regaining access to their data.
“Encryption is one of the most important tools we have to maintain online privacy and security,” said EFF’s Joe Mullin. “Apple’s on-device encryption is strong, but some particularly sensitive iCloud data, such as photos and backups, continued to be vulnerable to government demands and hackers.”
Categories still not protected by E2EE include iCloud Mail, Contacts and Calendar due to the need to interact with global mail, contacts and calendar systems, according to Apple.
“For users who sign up, Advanced Data Protection protects most iCloud data even in the event of a cloud data breach,” Apple said.
Not everyone is happy, though. According to The Washington Post, the FBI said it is “deeply concerned” about the threat posed by end-to-end encryption and user-restricted access, saying it hampers agencies’ ability to protect themselves against criminal acts. Many governments and law enforcement agencies are concerned that the increasing use of end-to-end encryption will make it more difficult for them to access information.
For security-conscious and at-risk public figures, Apple is also introducing support for third-party hardware security keys with two-factor authentication for Apple ID. The security key becomes one of the two factors required to gain access to the account, which prevents phishing attacks that compromise the second factor.
Another security enhancement for public figures and others who may be targeted by advanced attackers is iMessage Contact Key Verification. This feature allows users to verify that they only communicate with the people they want.
Once a user enables iMessage Contact Key Verification, they receive automatic alerts if an attacker successfully breaks into Apple’s servers, inserts their own device there, and listens in on encrypted communications. iMessage Contact Key Verification users can also compare a contact verification code in person, on FaceTime or through another secure call, according to Apple.