Apple rolls out end-to-end encryption for iCloud data

Original link: https://www.williamlong.info/archives/7015.html


Apple today introduced Advanced Data Protection, a new, optional end-to-end encryption scheme that prevents customers’ data in iCloud from being decrypted on “untrusted” devices. Specifically, Advanced Data Protection keeps most of the data in an iCloud account safe even if Apple is hacked, and – as noted in a Wall Street Journal article – prevents Apple from accessing iCloud phone backups in response to law enforcement requests.

Advanced Data Protection is currently available in the U.S. for members of Apple’s beta software program and will be available to all U.S. users by the end of this year (the rest of the world will follow in 2023). It gives iCloud users’ trusted devices (such as iPhones and Macs) sole access to the encryption keys for most of their data. (Encryption keys are specially generated strings of random bits used to encrypt and decrypt data.) Once the feature is enabled, Apple’s servers cannot modify certain iCloud settings on the user’s behalf, or access data stored in iCloud backups, photos, notes, and CloudKit fields that third-party developers choose to mark as encrypted.

Before the rollout of Advanced Data Protection, iCloud users couldn’t stop Apple from plowing through the contents of a device’s backups, including text messages and contacts, should it choose to do so.

Readers may recall the tech giant’s battle with the FBI over the San Bernardino shooter’s encrypted iPhone data, during which the agency tried to use the courts to force Apple to unlock the protected iPhone. At the time, Apple argued that the FBI could access the data it sought through unencrypted iCloud backups on its servers.

It’s worth noting that Advanced Data Protection doesn’t work with iWork collaboration tools, shared albums in Photos, iCloud Mail, Contacts or Calendar; Apple attributes this to an interoperability requirement. To enable the feature, users must enroll in two-factor authentication for their Apple ID, set up a passcode or password on their devices, and update those devices to the latest available software (iOS 16.2, iPadOS 16.2, macOS 13.1, tvOS 16.2, watchOS 9.2 and the latest version of iCloud for Windows).

In a support document, Apple clarified that Advanced Data Protection does not yet support managed Apple IDs and sub-accounts.

It is important to note that the consequences of data loss can be severe if recovery methods are not set up for Advanced Data Protection. Apple notes that if recovery fails, for example because a recovery contact’s information is out of date, any encrypted iCloud data is effectively lost.

In addition to Advanced Data Protection, Apple this morning announced two other security-related features coming to its product ecosystem: iMessage Contact Key Verification and Security Key.

iMessage Contact Key Verification gives users “facing special digital threats,” such as journalists and members of government, the option to further verify that they are messaging only with the people they intend. If an adversary hacks into a cloud server to eavesdrop on encrypted communications, iMessage Contact Key Verification will raise an alert and allow users to verify a contact’s verification code against a special ID in person, on FaceTime, or over a secure phone call, Apple said.

Meanwhile, Security Key builds on Apple’s existing two-factor authentication system by requiring a hardware security key as one of the two factors used to verify a person’s Apple ID credentials. Hardware keys come in a variety of styles and price points, and typically use Bluetooth, NFC, or USB for authentication.

Apple says iMessage Contact Key Verification and Apple ID security keys will be available globally starting in 2023.

Manuscript source: cnBeta
