Security and privacy experts, cryptographers, and customers for years have been urging Apple to implement end-to-end encryption for its iCloud backups, and the company is finally on the cusp of doing so.
By the end of the year, all Apple customers will have the option of enabling Advanced Data Protection for iCloud, which will extend E2EE to iCloud backups, Notes, and photos, along with a few other data categories. The move will eliminate one of the major weak spots in Apple’s data protection infrastructure: the iCloud backups of users’ device data. Right now, those backups are not encrypted, which makes them targets for attackers and also makes them reachable by law enforcement agencies with proper authorization. When users opt in to Advanced Data Protection, that will encrypt those backups and Apple will not have access to the keys to decrypt them.
“Advanced Data Protection is Apple’s highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices, said Ivan Krstic, Apple’s head of security engineering and architecture.
The new option is already available to people who are in Apple’s beta program and should be generally available by the end of 2022. The move will not sit well with law enforcement agencies that have relied on access to those iCloud backups for many years.
“In this age of cybersecurity and demands for ‘security by design,’ the FBI and law enforcement partners need ‘lawful access by design,’” the FBI said in a statement to The Washington Post.
Along with the change to iCloud backups, Apple is adding two other security features to its ecosystem, including the ability for people to use hardware security keys as a second factor of authentication when signing into their iCloud accounts. At the moment, Apple’s two-factor authentication system uses SMS, which is much weaker than using a hardware security key.
The third new addition is a feature in iMessage that is designed to prevent attackers from being able to add a new device into an iMessage conversation in order to eavesdrop on it. Both iMessage and FaceTime conversations are encrypted, but an attacker who can gain access to one of Apple’s servers may be able to insert a device into someone else’s private conversations. To defeat this, Apple is introducing iMessage Contact Key Verification.
“Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call,” Apple said.
The key verification feature is meant mainly for high-risk users such as activists, journalists, and celebrities, but will be available to anyone sometime in 2023.