Apple today announced three new advanced security features. First, the new iMessage Contact Key Verification will allow users to verify they are communicating only with whom they intend. Second, Security Keys for Apple ID will allow users to use physical security keys to sign into their Apple ID account. Third, Advanced Data Protection for iCloud will enable end-to-end encryption to protect iCloud data, including iCloud Backup, Photos, Notes, and more. Find the details below.
- Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.
- For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.
- iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.
Availability details:
- iMessage Contact Key Verification will be available in 2023.
- Security Keys for Apple ID will be available in early 2023.
- Advanced Data Protection for iCloud is available in the US today for members of the Apple Beta Software Program, and will be available to US users by the end of the year. The feature will start rolling out to the rest of the world in early 2023.
