Late last year Apple announced several new security focussed features for people who have the strongest concerns about their communications, their data and access to it. Having already launched in the USA, those features are now available in Australia to iOS Beta users, and will be available to all users next week.
That said, let’s be clear, these aren’t for your average Mum and Dad user of the iPhone. Apple talks about these features as being important to users such as journalists, human rights activists, politicians and diplomats – just for context.
The three new features are iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud.
Apple’s Craig Federighi explains the importance of Security to Apple “At Apple, we are unwavering in our commitment to provide our users with the best data security in the world. We constantly identify and mitigate emerging threats to their personal data on device and in the cloud,”
“Our security teams work tirelessly to keep users’ data safe, and with iMessage Contact Key Verification, Security Keys and Advanced Data Protection for iCloud, users will have three powerful new tools to further protect their most sensitive data and communications.”
What is iMessage Contact Key Verification
While iMessage is end-to-end encrypted, meaning only the sender and recipient can read the messages on their devices, Contact Key Verification goes one step further allowing people to further verify that it really is the person they think on the other end of the chat.
This is done by comparing a contact verification code on each device. The intention is that this is done in person, or over a secure call or video call. During that call each member of the chat would confirm the “number” that is their contact key and check that it matches on the other persons phone. Doing so means you’re 100% certain of who you’re chatting with and that their account has not been compromised in any way.
Should there be any hint of a compromise then the iMessage thread would be updated with a notice (above) that an unrecognised device may have been added to the account.
This is complex and advanced stuff, that again – most of us will never use.
Physical Security Keys to lock down your Apple ID
Security nerds will love this one, and advanced users with security concerns should be jumping on board. Security Keys are a physical method of user authentication.
While 95% of iCloud accounts now use “two factor authentication” which is where you get that pop-up message on another Apple device with a six digit code, it’s now possible to take this one step further with physical security keys.
You purchase these security keys (you need two, because if you get one, then lose it, you’re in a world of pain), and then enable them on your AppleID account.
From then, if you try to log into a new device that key will need to be inserted, present or available to authenticate you.
Basically, if someone is able to get your Apple ID and password, they can’t get into your account without your security key, which you will likely have on your person, and as such a physical theft would be required to access your account.
Not impossible, but far more challenging and unlikely.
Protecting your iCloud Data with encryption
Data you have in the iCloud is used to sync into new devices, to give you easy access to your data from any device and generally act as a backup in the case you lose a device or have any issues.
Right now, Apple protects 14 sensitive data categories with end-to-end encryption. This includes Passwords in Keychain, Health Data and more.
But for those with a stronger interest in security, you can lift that to 23 different categories including Notes, Photos and even your iCloud backups.
The only iCloud data categories of note that would not be included are iCloud Mail, Contacts and Calendars because doing so would make it almost impossible to make them interoperable with non-Apple contact and calendar systems.
Given the number of data breaches is growing and doesn’t show any sign of stopping, while Apple has had no known breach of it’s iCloud for many, cloud storage is a huge exposed and uncontrolled risk.