Apple Expands End-to-End Encryption to iCloud Backups

Apple announced today that it is launching expanded end-to-end encryption protections in its iCloud service. The company already offers the vital security feature for some data in its cloud platform—including passwords, credit card and other payment data, and health data—but it will offer an option to extend the protection to other sensitive information including photos, notes, and, crucially, iCloud backups. The feature, known as Advanced Data Protection for iCloud, debuts today for users enrolled in Apple’s Beta Software Program. It will be available to all United States users by the end of the year and will start rolling out globally in early 2023.


This content can also be viewed on the site it originates from.

The move comes as part of a broader slate of security-related announcements from the company. Beginning early next year, Apple will support the use of hardware keys for Apple ID two-factor authentication. And later in the year, the company will also roll out a feature called iMessage Contact Key Verification that will allow users to confirm they are communicating with the person they intend and warn them if an entity has compromised the iMessage infrastructure.

Apple said today that the new releases come “as threats to user data become increasingly sophisticated and complex.” There were 1.8 billion Apple devices in active use around the world as of a January earnings call. An Apple representative told WIRED that threats to data stored in the cloud are visibly on the rise across the industry, and that in general, it is clear that data stored in the cloud is at greater risk of compromise than data stored locally. A study commissioned by Apple found that 1.1 billion records were exposed in data breaches around the world in 2021. Earlier this year, Apple announced a feature for iOS and macOS known as Lockdown Mode, which provides more intensive security protections for users facing aggressive, targeted digital attacks. The step was a departure for Apple, which had formerly taken the approach that its security protections should be strong enough to defend all users without special add-ons. 

End-to-End Encrypted iCloud Backups—With Exceptions

When it comes to end-to-end encryption, Apple was early to deploy the protection with the launch of iMessage in 2011. Meanwhile, tech giants like Meta and Google are still working to retrofit some of their popular messaging platforms to support the feature. End-to-end encryption locks down your data so only you and any other owners (like other participants in a group chat) can access it regardless of where it is stored. The protection isn’t in use everywhere across the Apple ecosystem, though, and a particularly glaring omission has been iCloud backups. Since these backups weren’t end-to-end encrypted, Apple could access the data—essentially a complete copy of everything on your device—and share it with other entities, like law enforcement. 

Apple added specific workarounds, like one known as Messages in iCloud, to protect end-to-end encrypted data, but it was easy for users to make mistakes or misunderstand the options and end up exposing data they didn’t intend in iCloud backups. Users who wanted to avoid these potential pitfalls have relied on Apple’s local backup options for years. The company told WIRED that it plans to continue to support local backups for iOS and macOS and believes firmly in the concept, but it hopes that expanded end-to-end encryption in iCloud will reassure users who have been waiting to make the move.

Expanded end-to-end encryption would protect a user’s data even if Apple itself were breached. An Apple representative told WIRED that the company is not aware of any situations in which a user’s iCloud data has ever been stolen because of a breach of iCloud’s servers. He added, though, that Apple’s infrastructure is constantly under attack, as is the case for all major cloud companies.

Advanced Data Protection for iCloud is an optional feature that users can elect to enable. When you turn it on, the feature will guide you through a process to set up a recovery contact or recovery key so you can access your iCloud data if you lose the devices the keys are stored on. The change could make using iCloud slightly less seamless in certain scenarios, but it is similar conceptually to the familiar process of backing up your device on an external hard drive. If you lose or break the hard drive or forget the password you protected it with, you can’t access the backups that are on it.

Source link