As a result, it will be more challenging for hackers, spies, and law enforcement organisations to access senstitive user information.
The world’s most valuable company has long placed customer security and privacy at a premium. Its iMessage and Facetime communications services are fully encrypted end-to-end and it has sometimes locked horns with law enforcement agencies, including the FBI, over its refusal to unlock devices.
Also Read: Apple gives developers more pricing choices amid ongoing commission debacles
But a lot of what customers backed up remotely using Apple’s iCloud service — including photos, videos and chats — has not been afforded uncompromising protection through end-to-end encryption, a technology that prevents even Apple from decrypting it. That has made it easier for crooks, spies — and criminal investigators with court orders — to get at it.
No longer. The loophole that law enforcement had for getting at iPhone data will now be considerably narrowed..
Cybersecurity experts have long argued that attempts by law enforcement to weaken encryption with backdoors are ill-advised because they would inherently make the internet less reliable and more dangerous.
Last year, Apple announced, then withdrew after a flood of objections, a plan to scan iPhones for photos of child sexual abuse.
“Where Apple was hesitant about deploying encryption features last year … it now feels like they’ve decided to put the gas pedal down,” noted Johns Hopkins cryptography professor Matthew Green on Twitter.
Apple’s encryption announcement offers what the company calls Advanced Data Protection, to which users of its devices must opt in. It adds iCloud Backup, Notes and Photos to data categories that are already protected by end-to-end encryption in the cloud, including health data and passwords. Not included in the iCloud encryption scheme are email, contacts and calendar items because they must interoperate with products from other vendors, Apple said.
It said Advanced Data Protection for iCloud would be available to U.S. users by the end of the year and start rolling out to the rest of the world in early 2023.
In a blog post, Apple said “enhanced security for users’ data in the cloud is more urgently needed than ever,” citing research that says data breaches have more than tripled over the past eight years.
Other tech products that already offer end-to-end encryption include the world’s most popular messaging app, WhatsApp, and Signal, a communications app prized by journalists, dissidents, human rights activists and other dealers in sensitive data.
Apart from this, Apple also announced advanced security features on Wednesday called iMessage Contact Key Verification.
“With iMessage Contact Key Verification, users who face extraordinary digital threats — such as journalists, human rights activists, and members of government — can choose to further verify that they are messaging only with the people they intend, it wrote in a blog post.
Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.
Another security feature which the company launched was Security Keys. With Security Keys, users will have the choice to make use of third-party hardware security keys to enhance this protection.Â
It is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam, the company said
Earlier in July, Apple announced a new optional feature called Lockdown Mode that is designed to protect iPhones and its other products against intrusions from state-backed hackers and commercial spyware.
Apple said at the time that it believed the extra layer of protection would be valuable to targets of hacking attacks launched by well-funded groups.
Users are able to activate and deactivate lockdown mode at will.
(With inputs from AP)
Download The Mint News App to get Daily Market Updates & Live Business News.