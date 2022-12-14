



Lisa Ercolano

Published December 13, 2022

For years, Apple has protected users’ health data, passwords, credit cards, and other payment information in iCloud with end-to-end encryption. However, users’ photos, notes, and iCloud backups were unencrypted, making them vulnerable to anyone with access to iCloud.

Things changed last week when Apple announced Advanced Data Protection for iCloud. The company says this provides the highest level of security for more sensitive information and data stored in iCloud.

Matthew Green, a nationally recognized cryptography expert and associate professor in the Department of Computer Science at the Johns Hopkins Institute of Information Security and the Whiting School of Engineering, welcomed the move and discussed its implications with Hub. We talked.

Why is it such a big deal for Apple to introduce new data protections for users?

Apple has spent years building the infrastructure necessary to enable end-to-end backup for iCloud. This means backups that ensure that only you can access your data. No hackers, no law enforcement, no governments, not even Apple.

Interestingly, Apple didn’t, even though they had the infrastructure to do this eight years ago. We’ve limited the use of end-to-end encryption to things like password protection and web history protection. rice field. This new feature changes that.

“Apple sets the standard for what secure consumer cloud backup looks like, and I have little doubt that competitors across the industry will follow suit.”

matte green

Institute of Information Security, Johns Hopkins University

One thing to note is that this new feature requires users to opt-in.This allows the user to[設定]It means that you will receive the new encryption feature only if you enable the feature by turning on the switch in the menu. Also users who have enabled this feature will lose the backup if they forget their phone password It also means it can be dangerous. To mitigate this risk, Apple is building a new “Social Backup” feature. With this feature, you can designate a friend to help you restore your backup should it occur. Apple hopes this combination will allow most iPhone and Mac users to perform encryption. These features help thwart the full range of hacking attacks that criminals use to steal users’ data and extort vulnerable people.

If Apple had the ability to protect this data, why wait to deploy it?

There is a lot of speculation about it. Two years ago, Reuters reported that the FBI pressured the company to drop plans to enable the feature, saying it would negatively impact investigations. This is because many police investigations rely on his access to phone backups that Apple was able to surrender when presented with a warrant. It is no longer possible. In fact, when Apple announced its new iCloud data protection measures last week, FBI sources told The Washington Post that they were “deeply concerned” about the threat posed by user-controlled encryption and “turned Americans into criminals.” It’s hampering our ability to protect from.” They carry out acts ranging from cyber attacks and violence against children to drug trafficking, organized crime and terrorism. ”

However, Apple seems to have overcome these concerns.

Do you think this move by Apple will lead competitors like Samsung and Google to offer similar levels of security?

Apple sets the standard for what a secure consumer cloud backup should look like. I have little doubt that competitors across the industry are chasing them.

Google and WhatsApp deserve credit for independently deploying some of this end-to-end backup technology. But I think this move by Apple will create an impetus for companies to continue their race to provide consumers with better privacy features.

The positive side of this for consumers is that it will undoubtedly lead to a better and more secure experience. I hope it becomes highly recommended for users to turn it on for their own protection. His two-factor authentication from Apple (a feature that requires a one-time passcode sent to your phone when you try to log into your iCloud account) is a great example of this. Currently, this protection is optional, but about 95% of Apple’s customers use it.

What other security enhancements has Apple introduced?

One improves iMessage (Apple’s end-to-end encrypted messaging service) by preventing someone from adding new devices to your account without your permission. This makes it very difficult for hackers to read encrypted text messages. Again, you have to opt in, but opting in sets a kind of “key transparency” that makes it harder for people to add new devices that can receive iMessage chats. It’s not what most people think, but it eliminates one of iMessage’s big weaknesses. This means Apple could be hacked or forced to bypass iMessage encryption.

It’s important to note that there’s no reason to believe this actually happened, but some governments have claimed that systems like Apple’s iMessage are vulnerable to this type of attack.

Finally, Apple has made many great improvements to account access, including providing support for Hardware Security Keys to protect sensitive corporate accounts. These features are widely used by businesses that rely on these keys to prevent phishing attacks and other account takeovers. All of these protections are features that businesses in particular really like.

What else should consumers know about Apple’s new security features?

The bottom line is that something important happened in Cupertino. In the past, Apple was clearly hesitant to introduce enhanced encryption features, but now it’s clearly stepping up. I’m not sure what changed, but whatever it is, I’m happy to see it.

