Apple has announced a range of security and privacy enhancements for the for their platforms including encryption of a range of personal data stored in their iCloud, for instance messages, photos, files etc.. It is being rolled out and tested in the US in the next few months and is coming to the rest of the world in 2023.
Apple announces new security and privacy measures amid surge in cyber-attacks | Apple | The Guardian
The encryption does not extend to contacts, calendar or email and this would have a serious impact on the hundreds of apps that interact with this data and the built in apps.
The move would mean that if the company servers were breached by a threat actor (most) of the user data would remain useless to the breach.
There is a level of personal responsibility here. Apple will not store the encryption keys – they will be stored on the device. It will be up to the user to take all the technical steps Apple specifies to protect their account, because if they lose access to their account they permanently lose access to their data. I’m OK with that.
I am also OK with it being an “opt in” service – I like to make the decisions about my security and I understand that there is a risk with the key being on my device and I will deal with that. Privacy advocates are saying it should be on by default but I am with Apple on this, that people need to understand the implications of losing their device.
Apple are also going to introduce physical security keys that will have to be plugged into your device when signing in on any new device. Again the user will be responsible for these actual keys and if they lose them (or have them stolen) there will be nothing Apple can do to help. I’m in again.
The final announcement is a security enhancement for messages where users can choose to share unique codes that will allow their devices to pair. This would then verify that messages are only going between the intended parties and alert the users if there was an unauthorised device/user in the conversation.
Here is the full news release:
Apple advances user security with powerful new data protections – Apple – iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud provide users with important new tools to protect their most sensitive data and communications
Do you want to get stared now?
If you have not done it yet, take the first steps in securing your Apple ID and iCloud account – review and set up the Account Recovery and Trusted Phone Number options:
Settings – Apple ID – Password & Security
You just need a trusted person with an iOS device.
The above image reminds me of two things…
Do you want to know more about electronic redaction of documents?
The Basics of Cyber Security – A quick look at OSINT and Redacting
And of course you already have two-factor authentication switched on:
Something you know, something you have or something you are.
Clive Catton MSc (Cyber Security) – by-line and other articles