{"id":31188,"date":"2023-01-26T19:36:13","date_gmt":"2023-01-26T17:36:13","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/apple-new-data-protection\/31188\/"},"modified":"2023-01-26T19:36:28","modified_gmt":"2023-01-26T17:36:28","slug":"apple-new-data-protection","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/apple-new-data-protection\/31188\/","title":{"rendered":"New privacy features in Apple devices"},"content":{"rendered":"<p>In December 2022, Apple <a href=\"https:\/\/www.apple.com\/newsroom\/2022\/12\/apple-advances-user-security-with-powerful-new-data-protections\/\" target=\"_blank\" rel=\"nofollow noopener\">announced<\/a> a raft of new user data protection features. The most important was the expanded list of end-to-end encrypted data uploaded to iCloud. In most cases, only the owner of a key has access to it, and even Apple itself won\u2019t be able to read this information. There was also an unofficial announcement: the company mentioned it was dropping its controversial plans for a technology to scan smartphones and tablets for child pornography.\n<\/p>\n<h3>Encryption of iCloud backups<\/h3>\n<p>\nLet\u2019s start with the innovation of most interest. Owners of iPhones, iPads and macOS computers (not all, but more about that below) can now encrypt backup copies of their devices uploaded to iCloud. We\u2019ll try to explain this rather complicated innovation as simply as possible, but there\u2019ll still be plenty of detail as it is really quite important.<\/p>\n<p>All Apple mobile devices upload backups of themselves to iCloud by default. This extremely useful feature helps restore all data to a new device as it was on the old one at the time of the last backup. In some cases, such as if your smartphone is lost or broken, it\u2019s the only way to access family photos or work notes. You\u2019ll likely have to pay extra for this feature: Apple provides a mere 5 GB of cloud storage for free, which fills up fast. 
You either have to buy extra gigabytes or choose what data to back up: for example, you might exclude music, video, and other heavy files.<\/p>\n<p>Apple has always encrypted backups on its servers, but in such a way that both the company and the user had the decryption key \u2014 so backups were only protected from hacks against the company\u2019s servers themselves. The December update of Apple operating systems introduced a new <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/end-to-end-encryption\/\" target=\"_blank\" rel=\"noopener\">end-to-end encryption<\/a> feature whereby data remains encrypted all the way from sender to recipient.<\/p>\n<p>This kind of encryption is of most relevance to communication tools \u2014 especially messengers. Its presence shows that the developer cares about data confidentiality; for example, Apple\u2019s own messaging service, iMessage, has long used end-to-end encryption. The convenience of end-to-end encryption depends on its implementation. For instance, <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-why-nobody-uses-secret-chats\/46889\/\" target=\"_blank\" rel=\"noopener nofollow\">in Telegram most chats are unencrypted<\/a> and accessible on all devices connected to the account, but you can create a separate \u201csecret\u201d chat with another user; this exists only on the device on which you initiated the encrypted chat, and its content is visible only to you and your chat partner, no one else.<\/p>\n<p>But back to backups. By default, Apple backups save all information on your device, including iMessage correspondence. What\u2019s of note here is that, although iMessage communication is encrypted end-to-end, if an attacker somehow manages to get a backup copy of your phone, they\u2019ll be able to read your message history. Plus, they\u2019ll have access to a huge amount of other data: photos, documents, notes, and so on. 
It is this potential security hole that Apple has fixed.<\/p>\n<p>With end-to-end encryption of backups, you\u2019re the only sender and recipient of data, and only you have access to the key to decrypt it. If the algorithm is implemented correctly, Apple won\u2019t be able to decrypt your data even if it wants to. Someone who gets hold of your Apple ID without knowing the encryption key won\u2019t be able to steal your data either.<\/p>\n<p>The new setting is called Advanced Data Protection, and it looks as follows:<\/p>\n<div id=\"attachment_46985\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2023\/01\/26193420\/apple-new-data-protection-01.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-46985\" class=\"size-full wp-image-46985\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2023\/01\/26193420\/apple-new-data-protection-01.jpg\" alt=\"Advanced Data Protection settings\" width=\"390\" height=\"792\"><\/a><p id=\"caption-attachment-46985\" class=\"wp-caption-text\">Advanced Data Protection settings<\/p><\/div>\n<p>It\u2019s important to note that, once the feature is enabled, you and only you are responsible for access to your data: if you lose the encryption key, even Apple support would be powerless to help. That\u2019s why the new privacy setting will be voluntary: if you decide not to activate it, your backups will still be available to Apple and could be stolen by intruders if, say, your Apple ID is hacked.<\/p>\n<p>Incidentally, Advanced Data Protection cannot be activated on a device recently added to your Apple ID. After all, if someone gets hold of your Apple ID and activates end-to-end encryption on their smartphone, you\u2019ll lose access to your data. Even if you manage to restore access to your account, you won\u2019t have the encryption key! 
Therefore, if you just bought a new Apple device, you can only enable Advanced Data Protection from the previous one.\n<\/p>\n<h2>End-to-end encryption of other data<\/h2>\n<p>\nApple\u2019s new feature is not limited to just smartphone, tablet, and laptop backups. Photos and notes will also be encrypted. It\u2019s possible that this list will grow, but for now Apple is talking about strong protection for 23 categories of data, without specifying which. Previously, end-to-end encryption was used for 14 categories, including iMessage chats, Keychain passwords, and all health-related data, such as readings from Apple Watch sensors.<\/p>\n<p>But we do know what end-to-end encryption definitely won\u2019t be used for: iCloud mail, calendars, and contacts. According to Apple, this is to ensure compatibility with other developers\u2019 systems.\n<\/p>\n<h2>Hardware security keys for Apple ID authentication<\/h2>\n<p>\nEven with end-to-end encryption implemented, access to many types of data on your iPhone, iPad or Mac is through your Apple ID account. If an attacker manages to gain access to it, they\u2019ll be able to restore your backup on their device (which is what Advanced Data Protection prevents) and track your location using Find My.<\/p>\n<p>A common way to steal your Apple ID credentials is phishing. Having stolen your iPhone, the thieves can\u2019t just resell it, except perhaps for parts. They must enter your Apple ID to unlink the phone from it, after which a new owner can register it. And when you\u2019re desperately trying to find your phone (for example, using Find My iPhone), <a href=\"https:\/\/www.kaspersky.com\/blog\/how-they-stole-my-iphone\/23330\/\" target=\"_blank\" rel=\"noopener nofollow\">you\u2019re very easily duped<\/a>: strange text messages seemingly from Apple arrive at the contact number you specified, with a link to sign in with your Apple ID. 
Instead of Apple\u2019s website, you go to a plausible imitation and enter your credentials, which fall straight into the cybercriminals\u2019 hands. Alas, sometimes even <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_two_factor_authentication\/5036\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> (which requires an additional code) doesn\u2019t help. The phishing page may anticipate this protection method and ask you for the one-time verification code as well.<\/p>\n<p>A hardware security key (a separate device like a flash drive) greatly reduces the likelihood of falling for phishing. In this case, for Apple ID authentication, you either put the NFC key near the device, or insert it into the Lightning or USB-C connector. All data is exchanged in encrypted form, and only with Apple\u2019s servers. It\u2019s almost impossible for a fake phishing site to successfully imitate this kind of authentication.<\/p>\n<div id=\"attachment_46986\" style=\"width: 400px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2023\/01\/26193459\/apple-new-data-protection-02.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-46986\" class=\"size-full wp-image-46986\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2023\/01\/26193459\/apple-new-data-protection-02.jpg\" alt=\"Apple ID account sign-in screen requiring a physical security key\" width=\"390\" height=\"792\"><\/a><p id=\"caption-attachment-46986\" class=\"wp-caption-text\">Apple ID account sign-in screen requiring a physical security key<\/p><\/div>\n<h2>Additional protection for iMessage<\/h2>\n<p>\nAnother minor innovation concerns Apple\u2019s native messenger. After the update, it will warn you if a third party can see messages between you and another user. 
The details aren\u2019t yet known, but the feature is expected to counter the most sophisticated attacks, such as <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/man-in-the-middle-attack\/\" target=\"_blank\" rel=\"noopener\">man-in-the-middle<\/a> ones. If that happens, you\u2019ll get a warning about possible eavesdropping right in the chat. What\u2019s more, iMessage Contact Key Verification users will be able to compare the verification code either (i) when actually meeting the person with whom they\u2019re messaging, (ii) on FaceTime, or (iii) in another messenger app.<\/p>\n<div id=\"attachment_46987\" style=\"width: 410px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2023\/01\/26193540\/apple-new-data-protection-03.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-46987\" class=\"size-full wp-image-46987\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2023\/01\/26193540\/apple-new-data-protection-03.jpg\" alt=\"iMessage Contact Key Verification lets users verify they're communicating only with whom they intend\" width=\"400\" height=\"800\"><\/a><p id=\"caption-attachment-46987\" class=\"wp-caption-text\">iMessage Contact Key Verification lets users verify they\u2019re communicating only with whom they intend<\/p><\/div>\n<p>iMessage Contact Key Verification will be useful to potential victims of sophisticated and expensive cyberattacks: journalists, politicians, celebrities, etc. Ordinary users are more likely to be inconvenienced by it, as with the previously unveiled <a href=\"https:\/\/www.kaspersky.com\/blog\/apple-lockdown-mode\/45061\/\" target=\"_blank\" rel=\"noopener nofollow\">Lockdown Mode<\/a>. In any case, it will be available to everyone.\n<\/p>\n<h2>When will the new features be available?<\/h2>\n<p>\nThe most useful feature \u2014 Advanced Data Protection \u2014 already went live on December 13, 2022. 
To use it, you need to update <strong><em>all<\/em><\/strong> devices linked to your Apple ID account; the minimum operating system requirements are:\n<\/p>\n<ul>\n<li>iPhone \u2014 iOS 16.2 or later<\/li>\n<li>iPad \u2014 iPadOS 16.2 or later<\/li>\n<li>Mac \u2014 macOS 13.1 or later<\/li>\n<li>Apple Watch \u2014 watchOS 9.2 or later<\/li>\n<li>Apple TV \u2014 tvOS 16.2 or later<\/li>\n<li>HomePod speakers \u2014 version 16.0 or later<\/li>\n<li>Windows computers with iCloud for Windows \u2014 version 14.1 or later<\/li>\n<\/ul>\n<p>\nIf just one device doesn\u2019t support the right version (for example: iPhone 7 and earlier; 4<sup>th<\/sup>-generation and lower iPads), you won\u2019t be able to enable Advanced Data Protection until you unlink it from your account. Incidentally, the current version of macOS \u2014 Ventura \u2014 supports most devices released since 2017.<\/p>\n<p>Apple hasn\u2019t named the launch dates for the other features, stating only that they\u2019ll be coming some time this year.\n<\/p>\n<h2>Scanning devices for child pornography scrapped<\/h2>\n<p>\nLastly, another important change was more\u2026 whispered than announced: an Apple spokesperson only mentioned briefly in an <a href=\"https:\/\/www.wsj.com\/articles\/apple-plans-new-encryption-system-to-ward-off-hackers-and-protect-icloud-data-11670435635\" target=\"_blank\" rel=\"nofollow noopener\">interview<\/a> that the company no longer plans to implement CSAM Detection, which we\u2019ve <a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-apple-csam-detection\/41502\/\" target=\"_blank\" rel=\"noopener nofollow\">already written about<\/a>. Recall that, in August 2022, Apple announced a technology for detecting child pornography on devices. The more correct legal term, which Apple used, is Child Sexual Abuse Material (CSAM). 
The idea was that all Apple devices would carry out background scanning of images, and if any matched the database of child pornography images, the company would be notified and tip off law enforcement agencies.<\/p>\n<p>Although Apple insisted that CSAM Detection would not violate the privacy of ordinary users with nothing illegal on their devices, the initiative was still criticized. Apple\u2019s promises of \u201cminimal likelihood of false positives\u201d didn\u2019t help: in any case, the feature turned out to be extremely non-transparent and, in a first, implemented directly on the device \u2014 not in the cloud system that Apple itself manages, but on the phone or tablet. Apple critics, such as the US non-profit Electronic Frontier Foundation, rightly <a href=\"https:\/\/www.eff.org\/deeplinks\/2021\/08\/if-you-build-it-they-will-come-apple-has-opened-backdoor-increased-surveillance\" target=\"_blank\" rel=\"nofollow noopener\">pointed out<\/a> that the noble goal of preventing the spread of child pornography could easily morph into scanning devices for any content.\n<\/p>\n<h2>Advances in data privacy<\/h2>\n<p>\nApple\u2019s introduction of end-to-end encryption for the most sensitive user data and scrapping of controversial scanning technology show that the company really does care about user privacy. And enabling Advanced Data Protection will greatly reduce the chances of data theft from an iCloud hack. Moreover, Apple won\u2019t be able to hand over your data at the request of law enforcement. At present, the company can do this in respect of all accounts where any information is uploaded to the cloud.<\/p>\n<p>In addition, we mustn\u2019t forget that, for any security measure, sooner or later a hacking technique will be found. Even in end-to-end encryption technology, vulnerabilities can crop up, and Apple innovations always get put to the most stringent test by both conscientious security researchers and cybercriminals. 
But it\u2019s important to remember that no amount of encryption will help if someone gains access to your unlocked Apple device.<\/p>\n<p>And while Apple\u2019s innovations are certainly useful, they will cause the user some inconvenience. If you lose the decryption key, your data is lost forever. And if you lose your only Apple device, you may have problems restoring your data to a new one. So, we recommend taking a timeout to fully consider the new features and whether they\u2019re right for you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In late 2022, Apple announced a raft of new data protection features. Why does that matter to users?<\/p>\n","protected":false},"author":665,"featured_media":31190,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1788],"tags":[14,260,43],"class_list":{"0":"post-31188","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"tag-apple","9":"tag-data-protection","10":"tag-privacy"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/apple-new-data-protection\/31188\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/apple-new-data-protection\/25112\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/apple-new-data-protection\/20606\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/apple-new-data-protection\/27738\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/apple-new-data-protection\/25438\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/apple-new-data-protection\/25833\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/apple-new-data-protection\/28347\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/apple-new-data-protection\/27542\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/apple-new-data-protec
tion\/34577\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/apple-new-data-protection\/46984\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/apple-new-data-protection\/20065\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/apple-new-data-protection\/20682\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/apple-new-data-protection\/29704\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/apple-new-data-protection\/25802\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/apple-new-data-protection\/31475\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/apple\/","name":"apple"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/31188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/665"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=31188"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/31188\/revisions"}],"predecessor-version":[{"id":31189,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/31188\/revisions\/31189"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/31190"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=31188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=31188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=31188"}],"curies":[{"name":"wp","href":"http
s:\/\/api.w.org\/{rel}","templated":true}]}}