Apple advances user security with powerful new data protections

[DrMacintosh]

Summary

Apple just released a newsroom article to announce three new security features meant to protect user privacy in the cloud. Apple announced:

 

Quotes

Quote

iMessage Contact Key Verification, Security Keys for Apple ID, and Advanced Data Protection for iCloud provide users with important new tools to protect their most sensitive data and communications

iMessage Contact Key Verification:

Quote

Conversations between users who have enabled iMessage Contact Key Verification receive automatic alerts if an exceptionally advanced adversary, such as a state-sponsored attacker, were ever to succeed breaching cloud servers and inserting their own device to eavesdrop on these encrypted communications. And for even higher security, iMessage Contact Key Verification users can compare a Contact Verification Code in person, on FaceTime, or through another secure call.

Security Keys:

Quote

with Security Keys, users will have the choice to make use of third-party hardware security keys to enhance this protection. This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government. For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.

Advanced Data Protection for iCloud:

Quote

iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data. For users who enable Advanced Data Protection, the total number of data categories protected using end-to-end encryption rises to 23, including iCloud Backup, Notes, and Photos. The only major iCloud data categories that are not covered are iCloud Mail, Contacts, and Calendar because of the need to interoperate with the global email, contacts, and calendar systems.

 

My thoughts

I have always believed that Apple is a leader in consumer data protections. With these new features, even more people will be able to feel safe with their data on Apples Servers. I encourage everyone to opt-in to these features, especially encrypting your photos and backups. I hope Apple continues to push forward with consumer data protection enchantments to further distinguish itself from the "You are the product" buisness models of companies like Google and Microsoft. 

 

To further demonstrate how serious this is, the FBI is worried that Apple is implementing these features. The FBI provided multiple statements on the subject: 

Quote

This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism," the bureau said in an emailed statement. "In this age of cybersecurity and demands for 'security by design,' the FBI and law enforcement partners need 'lawful access by design.

Quote

it's great to see companies prioritizing security, but we have to keep in mind that there are trade-offs, and one that is often not considered is the impact it has on decreasing law enforcement access to digital evidence.

https://www.macrumors.com/2022/12/08/fbi-privacy-groups-icloud-encryption/

 

Sources

 https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/

https://www.macrumors.com/2022/12/08/fbi-privacy-groups-icloud-encryption/

[tim0901]

31 minutes ago, DrMacintosh said:

I have always believed that Apple is a leader in consumer data protections [...] I hope Apple continues to push forward with consumer data protection enchantments to further distinguish itself from the "You are the product" buisness models of companies like Google and Microsoft. 

Clearly someone missed this one - Apple is no better than those companies you listed when it comes to tracking you and turning you into the product. It's all just marketing.

 

[divito]

I can understand hardware keys, but why are the other two opt-in? Why not default?

[Fasterthannothing]

40 minutes ago, DrMacintosh said:

 

I have always believed that Apple is a leader in consumer data protections. 

It took them till almost 2023 to add hardware keys they are in no way a leader

[suicidalfranco]

Gotta love the pr speech

Hey Apple: what about China?

[SeriousDad69]

Chinese Apple users need not apply lol

[Mark Kaine]

2 hours ago, DrMacintosh said:

I have always believed that Apple is

Ok, but they still give these important security keys that protect their customers data to any state organization that asks, right?

 

Serious question,  cause i found this "states actor" thing especially funny tbh.

[DrMacintosh]

23 minutes ago, Mark Kaine said:

Ok, but they still give these important security keys that protect their customers data to any state organization that asks, right?

Apple has never stored or handed the encryption keys over to any government agency in the past. When Apple has complied with requests for data in the past, it was because that data was not encrypted on iCloud. Now that the data can be encrypted, there is nothing to hand over to authorities. 

[hishnash]

5 hours ago, divito said:

I can understand hardware keys, but why are the other two opt-in? Why not default?

The reason is users do not want to loos access to thier entier photo lib due to having dropped thier phone and not knowing their iCloud PW and backup key. 

When it comes to encryption and backup there is always a tradeoff between making the data impossible for others to access or making it easy for you to recover when you need it.   

[hishnash]

4 hours ago, SeriousDad69 said:

Chinese Apple users need not apply lol

No these opts also apply in china.  

In the last 6 months apple have moved almost all of the critical production out of china all they have left is some iPhone production and that is shut down right now (protests) so this is exactly the right time to make a move that will upset the local gov as there is not much that they can do to hurt apple that the z-covid policy has not already done.  This could even be considered an active move by apple to get back at china.

As to the story were iPhones no longer just accept random air-drops from users I expect (through apple did not say this) this was due to the security implications of letting someone display an image (a common zero-day exploit vector) on 100s of other peoples phones within within a local area.  Just imagine if you have an exploit in the PNG or JPEG rendering (... in the last few years there have been 3 of these) having airdrop be open by default so that you can just trigger an airdrop out to everyone in a local area with the compromised image to infect thier phones is a very scary concept.   Why did apple role this out in china before the rest of the world? well it could well be that they suspect that the regime might well be exploiting a 0 day like this but apple do not want to tell the regime this before they can figure out how to patch the bug.

[mr moose]

9 hours ago, DrMacintosh said:

Apple has never stored or handed the encryption keys over to any government agency in the past.

No, they can't hand over the keys, bu they can hand over the data they have,  which if you think is all safely locked up you are genuinely not understanding how complex this issue is or how much data these companies can hand over.

 

 

[Mark Kaine]

29 minutes ago, mr moose said:

No, they can't hand over the keys, bu they can hand over the data they have,  which if you think is all safely locked up you are genuinely not understanding how complex this issue is or how much data these companies can hand over.

 

 

that was my point,  i don't know the technicalities,  but if asked they *must* give out the data ... and in this case probably even the data they don't have? im not so sure if saying "lol encryption" goes over well at a European court for example...

 

i mean at this point i have to ask, how would apple not know the keys, are they generated on the fly by the phones? (i guess that would be possible) but how "legal" is that?

 

and i know that's a bad thing and apple shouldn't be forced, but that's the thing they are likely very much responsible for whatever happens on their "network". 

[Dracarris]

12 hours ago, tim0901 said:

Clearly someone missed this one - Apple is no better than those companies you listed when it comes to tracking you and turning you into the product. It's all just marketing.

True if you only read the title of this thread and watch respective clickbait YT videos.

[Montana One-Six]

10 hours ago, DrMacintosh said:

Apple has never stored or handed the encryption keys over to any government agency in the past. When Apple has complied with requests for data in the past, it was because that data was not encrypted on iCloud. Now that the data can be encrypted, there is nothing to hand over to authorities. 

Keep believing that. There are several government agencies from multiple western countries that have access to a lot more than you might think and those don't need anything from apple because they already have access to anything they want. Sure that might not be 100% legal but what are you going to do? I mean you don't know for certain and have no evidence for that unless you are confronted with it and in that case you are probably about to be prosecuted for some hardcore shit and no one cares about you and your feelings anymore or you are about to join those agencies and in that case you are willingly giving up your privacy and the right to go public with it (unless you like being imprisoned for the rest of your life).

[Obioban]

14 hours ago, divito said:

I can understand hardware keys, but why are the other two opt-in? Why not default?

Currently, if you lock yourself out of your phone, Apple can help you recover your data after you provide proof of identity. For the average consumer, this is more valuable than cloud backup encryption. If they choose to turn off that ability, that's a choice the customer is making-- so data loss is on them.

 

... I'll be turning cloud backup encryption on.

[Obioban]

12 hours ago, Mark Kaine said:

Ok, but they still give these important security keys that protect their customers data to any state organization that asks, right?

 

Serious question,  cause i found this "states actor" thing especially funny tbh.

Since the FBI has already said they're concerned about this, pretty clearly no:

https://www.macrumors.com/2022/12/08/fbi-privacy-groups-icloud-encryption/

[Dracarris]

So either end2end encryption actually works in a sense that the FBI and others simply don't have any backdoor access or they are bluffing.

[DrMacintosh]

50 minutes ago, Dracarris said:

So either end2end encryption actually works in a sense that the FBI and others simply don't have any backdoor access or they are bluffing.

If the FBI is worried about Apple implementing this, I think its safe to say nobody is bluffing. 

https://www.macrumors.com/2022/12/08/fbi-privacy-groups-icloud-encryption/

[DrMacintosh]

16 hours ago, tim0901 said:

It's all just marketing.

incorrect

Quote

"This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime, and terrorism," the bureau said in an emailed statement. "In this age of cybersecurity and demands for 'security by design,' the FBI and law enforcement partners need 'lawful access by design.'"

https://www.macrumors.com/2022/12/08/fbi-privacy-groups-icloud-encryption/

[WhitetailAni]

[DrMacintosh]

9 minutes ago, NastyFlytrap said:

And lets not forget that anything and everything you upload to their servers will be shared amongst ALL of their cloud locations around the world.

US and EU customer data does not go to China. This alone proves a fata misunderstanding about how Apple handles user data. Even if Apple started doing that today, you can encrypt that data now, making it useless to any government entity that wanted to look at it. Apple does not store the encryption keys, you do, locally, on your devices. 

 

9 minutes ago, NastyFlytrap said:

Cant find it right now but there was also one where an apple store tech stole a person's nudes, while they are blaming independant stores for doing the exact same

We call that a violation of privacy and criminal misconduct by an employee, not Apple leaking data in the cloud. Completely irrelevant. 

9 minutes ago, NastyFlytrap said:

The "apple protects privacy" argument needs to die in a fucking ditch already.

I don't understand how you can see a massive leap like this, a leap which has made the FBI upset, and say "well actually your data with Apple is an open book" when that is factually incorrect. 

 

9 minutes ago, NastyFlytrap said:

Sorry to take you down a peg but apple does and will violate their privacy for their own personal needs.

Apple is one of the only companies that does data destruction prior to transmission to their servers. For example, enabling location services in Apple Maps. Apple does not know where you were, or where you are now. They simply know there are Apple devices on the road/on transit. Why? Because Apple destroys the hardware identifiers locally before packets get sent out. 

[LAwLz]

18 hours ago, tim0901 said:

Clearly someone missed this one - Apple is no better than those companies you listed when it comes to tracking you and turning you into the product. It's all just marketing.

 

"No better" is a very big exaggeration.

Yes, Apple did something very bad with that story, but some apps sending some data to Apple is quite the big difference compared to let's say Google.

 

Please keep in mind that the world is not black and white. A company can do some bad things but some good things too, and not everyone who does the same bad thing in one instance are equally bad in other regards.

 

 

 

 

5 hours ago, Montana One-Six said:

Keep believing that. There are several government agencies from multiple western countries that have access to a lot more than you might think and those don't need anything from apple because they already have access to anything they want. Sure that might not be 100% legal but what are you going to do? I mean you don't know for certain and have no evidence for that unless you are confronted with it and in that case you are probably about to be prosecuted for some hardcore shit and no one cares about you and your feelings anymore or you are about to join those agencies and in that case you are willingly giving up your privacy and the right to go public with it (unless you like being imprisoned for the rest of your life).

Source?

 

 

27 minutes ago, NastyFlytrap said:

The "apple protects privacy" argument needs to die in a fucking ditch already. They may protect you from some entities, like the US government (and even that sounds dubious to me... but ehh), while they are fucking you sideways with other methods.

It is very important to have a nuanced approach to this.

Just because Apple might fuck you in some ways does not mean we should ignore the goods things they do and treat them as a cartoonishly evil company.

Credit where credit is due.

 

 

  

16 hours ago, Mark Kaine said:

Ok, but they still give these important security keys that protect their customers data to any state organization that asks, right?

 

Serious question,  cause i found this "states actor" thing especially funny tbh.

6 hours ago, Mark Kaine said:

that was my point,  i don't know the technicalities,  but if asked they *must* give out the data ... and in this case probably even the data they don't have? im not so sure if saying "lol encryption" goes over well at a European court for example...

 

i mean at this point i have to ask, how would apple not know the keys, are they generated on the fly by the phones? (i guess that would be possible) but how "legal" is that?

 

and i know that's a bad thing and apple shouldn't be forced, but that's the thing they are likely very much responsible for whatever happens on their "network". 

All the evidence, lawsuits and court trials we have had so far indicates that Apple will just shrug and tell law enforcement and governments "sorry, we can't help you" when that is the truth, such as local evidence encryption.

They will comply with law enforcement to the extent that they are forced to and plausibly can (such as providing metadata, or possibly iCloud backups), but there are several instances where Apple has built the systems in such a way that no matter what, they can't help. For example iMessage conversations and local storage are 100% out of the hands of Apple, by design. They can't get access to it even if they wanted to, and as a result they will just shrug when law enforcement asks them about it. 

 

This is why the US and some other countries have tried to push for legislation where Apple would be forced to implement backdoors into their software in order to be able to assist law enforcement. In 2016 Apple was brought to court for not assisting various government agencies in 12 separate cases where they were asked to break into someone's iPhone.

In one of those cases Apple even refused to use a known vulnerability to get into an iPhone because they did like "being forced to become an agent of law enforcement".

 

 

With these changes, Apple will be even less able to assist law enforcement. iCloud backups have historically been the go-to for law enforcement asking Apple for help, because they are widely enabled and Apple can in fact get access to those. With these changes, that will no longer be the case. A great change if you ask me. There is no reason why Apple should be able to access a backup of a phone. It defeats a big reason for encrypting the device to begin with.

[wanderingfool2]

19 hours ago, DrMacintosh said:

I hope Apple continues to push forward with consumer data protection enchantments to further distinguish itself from the "You are the product" buisness models of companies like Google and Microsoft

Except that Apple has been creeping into the "You are the product" model for a long time now.  As the previous thread showed, they were sending back analytics even when you had the settings not to.

 

Android backup has supported E2EE backups since Android 9   They still haven't done photos, but texts are E2EE in backups.

 

19 hours ago, DrMacintosh said:

To further demonstrate how serious this is, the FBI is worried that Apple is implementing these features. The FBI provided multiple statements on the subject

The funny things about this is that if the FBI is worried about the features, that means they were already accessing that data from Apple.  I'm specifically guessing they are talking about messaging, and being able to intercept it.

 

I do think that it's good that Apple is adding more encryption on their backups and data though...always good in case of a breach.  My opinion though is they are doing this to get brownie points while at the same time being able to reduce their cost (insurance for data breaches can be crazy expensive)

 

Overall though, I do think the FBI brings up a good point to a certain extent.  Under the current aspect of the law you can't compel someone to give up their password.  If everything is encrypted and you have reasonable suspicion a crime has been committed then it creates a real issue in this modern day where the password is the only way to access the data.

 

I do foresee a time where this starts to become a major issue in terms of tracking down digital crimes.

[Blademaster91]

1 hour ago, NastyFlytrap said:

The "apple protects privacy" argument needs to die in a fucking ditch already. They may protect you from some entities, like the US government (and even that sounds dubious to me... but ehh), while they are fucking you sideways with other methods.

Say it with me. Companies are not your friends, they dont give a shit about us, and we're just a number, and a sentient wallet to them.

Agreed, once a company does things multiple times to f$%k you over as a consumer then you should avoid them, going "oh but apple is less bad" is a completely illogical fallacy that needs to stop, its like saying a polished turd is less worse than a plain turd.

 

As for people that want to defend apple, there isn't any "nuance" with what apple is doing, they're giving you good sounding PR to make a profit, apple is a corporation not your friend. I like how that part was conveniently ignored by the way, lol.

[Kisai]

13 hours ago, hishnash said:

The reason is users do not want to loos access to thier entier photo lib due to having dropped thier phone and not knowing their iCloud PW and backup key. 

When it comes to encryption and backup there is always a tradeoff between making the data impossible for others to access or making it easy for you to recover when you need it.   

 

And this is why you should never encrypt things that do-not-matter. Your 30 year old family photos? Does not matter, post those on facebook. Your family recipe no doubt 10,000 other people have something identical? Does not matter. What matters are private photos (eg intimate photos), tax documents, identification documents, and "access keys" to services.

 

One has to ask, "if it's valuable, why the hell are you carrying it around on a personal device", put that stuff on an encrypted usb stick and toss it in a safety deposit box. If you want to ensure you can recover it, keep a copy of the key on your phone in addition to it being written down (Eg a QR code) that you just hide in plain sight somewhere you'll remember it (eg the back of an actual photo.)

 

Like my personal opinion is that too many damn companies force you to change passwords too damn often that it's become impossible to simply do what I just stated. You can't memorize all that BS, or have a copy of it on a usb key at the bank, because you keep having to change it, and once you change it, it's out of sync, and now that offline copy is unusable.