Dec 8 – On Wednesday, Apple announced plans to enhance its encryption capabilities and augmentation of other security features. This shift will help shield user data from the eyes of cyber criminals and law enforcement alike.
According to Apple, the new security set-ups will let users add end-to-end encryption to iCloud accounts. In turn, this means that data will be decrypted only via users’ own trusted devices. Although select Apple data is already encrypted, the advanced data protection mechanisms will comprehensively cover iCloud backups, notes and photos.
As an increasing number of consumers and enterprises have started to store data in cloud-based locations, and cyber attackers have ramped up cloud attack activities, securing cloud data has become a priority for Apple and other purveyors of technology and technology solutions.
Users who opt into Apple’s new Advanced Data Protection will see protection from government overreach, law enforcement officials, and general cyber hacks. Historically, Apple has shown willingness to comply with court orders around provisioning iCloud data to law enforcement officials, but the newly minted feature is expected to put an end to this, as again, only the user will retain the encryption key needed to unlock data.
Security enhancements for iMessage have also been announced. A new contact key verification feature will allow for the verification of users’ identities via alerts.
“Apple is taking steps to put users in control of their own privacy and security by adding optional features to its popular iMessage platform supported on iPhones/iPads and Macs,” says Check Point expert Tony Sabaj.
However, the move comes with a new set of challenges. “This added layer of security is not without drawbacks, as the end user is now responsible for storing, backing up and securing their own encryption keys. From our experience in mobile security, even though Apple is taking steps to improve privacy, malicious Apps, text/iMessage phishing and zero day threats are unaffected by these measures,” Sabaj continued.
Also on Wednesday…
Apple announced that the company will provide further support for physical security keys. Such devices either rely on NFC technology or can be plugged into devices in order to verify users. For those who want a security key to sign into an Apple ID, this feature will be available, providing an added layer of security.
Apple’s data privacy practices…
In the past, Apple’s data privacy practices have flummoxed and frustrated government and law enforcement officials. The company has worked hard to preserve its image as a champion of privacy and security within an industry that’s known for disrespecting consumer data.
In 2015, the company was lauded for pushing back against the FBI’s request for the company to crack an iPhone belonging to a terrorist who murdered 14 people. At that point in time, Apple stated that it held no sympathy for terrorists and that it respected the FBI, but that the request would affect and jeopardize the security of many iPhones – not just a single one.
Apple regularly uses the company’s prioritization of privacy as a competitive resource. Ahead of the consumer electronics show in 2019, the company ran a billboard that read “What happens on your iPhone, stays on your iPhone.” Recent TV commercials have showcased how other companies commonly handle consumer data.
For more information about this topic, please visit CNet.com. To see past CyberTalk.org coverage of Apple’s privacy practices, click here. Lastly, unpack transformative insights, and learn about how to make your organization more agile and secure when you subscribe to the Cybertalk.org newsletter.