Apple announces 3 new security features including WhatsApp-like iMessage contact key verification.

In addition to iMessage contact key verification, Apple has announced two other new security features coming in 2023 to protect your Apple ID account and iCloud data.

  • What is happening? Apple has announced three new security features it says will allow people to protect their most sensitive data and communications.
  • Why care? Better late than never! Competing platforms have some features that Apple has been providing to its users for years, such as checking to see if the recipient’s device may have been hacked.
  • What to do? Apple won’t be releasing new features to the general public for some time, but you can learn as much as you can about them now so you’ll be ready when they’re gone.

Three new security features coming to Apple products in 2023

Apple has introduced three new security features to increase the privacy of your iMessages, increase the security of your Apple ID, and better protect your iCloud data. An announcement posted to Apple Newsroom on December 7, 2022 describes three new security features coming later in December 2022 and early 2023 in iOS 16.2, iPadOS 16.2, and macOS 13.1:

  • iMessage contact key verification
  • Electronic keys for Apple ID
  • Advanced data protection for iCloud

The announcement states that both the iMessage contact key verification feature and Apple ID security keys will launch globally in 2023.

For iCloud Extended Data Protection, it is currently available in the United States as a preview for Apple Software Beta Program members (you can apply for free using your existing Apple ID at beta.apple.com.

Extended Data Protection for iCloud will be publicly launched in the United States by the end of 2022, with a global rollout beginning in early 2023.

iMessage contact key verification

Do you know how you can tap the security code at the bottom of chats on encrypted messaging apps like WhatsApp, Telegram, and Signal to double-check that you’re only chatting with the people you’re going to?

The iMessage contact key verification is very similar to this. Apple admits that the vast majority of users “will never fall victim to sophisticated cyberattacks,”but that won’t stop regular users from taking advantage of them.

If the iMessage contact key verification feature is enabled, it will ping you if a scammer hacks into the iMessage servers and inserts their own device to listen to these encrypted messages. You can also compare the contact verification code in person on FaceTime or another secure call.

Electronic keys for Apple ID

You must secure your Apple ID account with two-factor authentication, which requires you to enter a one-time code after you authenticate with your username and password on a new device. But soon you will be able to authenticate access to your Apple ID account with a wireless network security key.

NFC security keys such as YubiKey from Yubico will work with this feature. Apple claims that this feature will prevent even an advanced attacker from getting the user’s second factor in a phishing scam.

Advanced data protection for iCloud

Most of your data stored in iCloud is end-to-end encrypted, which means that no one but you can read it without the encryption key that is on your device. However, many Apple app data that is stored in iCloud still use weaker encryption, as confirmed by Apple’s iCloud Data Security Review.

Turning on Advanced Data Protection in iCloud settings will increase the number of data categories protected by end-to-end encryption from 14 to 23. For example, note data, your device backups stored in iCloud, message backups, and your photo libraries will be (finally!) end-to-end encrypted. encryption to prevent hacking.

Enabling Advanced Data Protection means that Apple will no longer store encryption keys on its servers. Therefore, in order to recover this data, you will need a password, a recovery contact, or a personal recovery key. You will be prompted to add at least one recovery contact or recovery key before enabling this feature. If you turn it off, your device will securely upload encryption keys to Apple servers.

This feature does not apply to sensitive data from Health and Maps as it is already end-to-end encrypted. “The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar due to the need to interoperate with global email, contacts, and calendar systems,” Apple explains. Read: What is Mail Drop and how to use it on iPhone, Mac and PC

Additional Resources

Apple has published a full technical overview of the additional security enhancements offered by Advanced Data Protection in its Online Platform Security Guide. Alternatively, you can delve into a data breach study titled “The Growing Threat to Consumer Data in the Cloud”[PDF document] by Dr. Stuart Madnick, Professor Emeritus at MIT’s Sloan School of Management.

Apple also offers Lockdown Mode, a dedicated security feature designed to protect high-value targets such as journalists, human rights activists, and diplomats.

CDN CTB