Danny's newsletter - Issue #29
Apple Enhances User Security
Recently there were new security features introduced by Apple that will be taking effect soon. These will have a big impact on users' security and privacy and I wanted to briefly discuss them.
What this means is more controls to protect users data and more power in the users hands. Granted, not every digital user is security minded, but this leans the average user in that direction.
What it will offer are 3 main features
End-to-End encryption for iCloud
iMessage verification
Security Keys for Apple ID
End-to-End encryption for iCloud
The first is a polarizing topic and has had many experts that have talked deeply about it so I won’t dive deeply on this one. The TLDR is that the data that lives on the apple device will only be able to be decrypted from that trusted device, this includes iCloud backups. This includes Law enforcement requesting access to someone's data (and won’t get access to it).
iMessage Verification
The second, iMessage verification adds another layer of integrity to iMessage, ensuring the recipient and the sender are in fact talking to each other. A user will get an alert if there is unrecognized activity coming from the sender's account. This mainly applies to those that are targeted by advanced adversaries (think government officials, journalists, execs) but the option will be extended to all users
Security Keys
Lastly, there will be Security Keys implemented as well. I have long advocated for the use of security keys as it is the most secure form of two-factor authentication we have today. This will mean having a physical security key as your second factor instead of an SMS code or a push notification. This alone, will result in millions of users not getting phished for their Apple ID's.
Here is the newsroom post.
Here is the technical overview with more details.
https://support.apple.com/guide/security/advanced-data-protection-for-icloud-sec973254c5f/web
See you in the next one!