Apple announces new security and privacy measures amid rising cyberattacks

Apple announced a raft of security and privacy improvements on Wednesday that the company is touting as a way to help people protect their data from hackers, including those long championed by civil liberty and privacy advocates.

The tech giant will soon allow users to choose to secure more data backed up to iCloud using end-to-end encryption, meaning that no one but the user will have access to that information.

Apple says the changes will help users protect their digital lives from hackers in the exceptional case that an advanced country representative manages to breach the company’s servers. But privacy advocates like Albert Fox Kahn, founder of the Surveillance Technology Watch Project, say these changes may have a more immediate impact on the kinds of user data law enforcement and government agencies can get from Apple. He said the changes “acknowledge the massive public backlash against expanded spying on our devices,” particularly in the wake of the Supreme Court’s overturning of federal protections for abortion.

“This kind of protection is most valuable in protecting against not cybercriminals, but people who abuse government power to coerce a company into handing over data,” Kahn said. “Apple has been in a position to be the long arm of the police for years. Their guide to law enforcement shows dozens of ways they can help with investigations and now for people who choose to protect.” [feature]There will be a guarantee in the future.”

This could be a concern for government agencies looking to secure user data to aid their investigations. Apple declined to comment on whether the company has discussed changes with law enforcement or government agencies. But the FBI has already expressed its displeasure with the changes that would protect user data from being accessed by the agency. In a statement to The Washington Post, the FBI said it was “deeply concerned” by Apple’s decision to implement end-to-end encryption for the vast majority of content stored on iCloud and said the agency needed a backdoor or some other way to access that. Information.

“This impedes our ability to protect the American people from criminal acts that range from cyberattacks and violence against children to drug trafficking, organized crime and terrorism,” the FBI said. “In this age of cybersecurity and the demand for “security by design,” the FBI and law enforcement partners need “legal access by design.”

Companies like Apple are becoming an increasingly attractive entity to hackers and law enforcement alike because of the sheer amount of information they hold on people. Recent years have brought a boom in the world Cyber ​​attacks and data breaches. In the first quarter of 2022, there were 404 publicly reported data breaches, up 14% from the same quarter a year earlier, according to a report from the Identity Theft Resource Center (ITRC). There was an overall increase of 68% in data breaches between 2020 and 2021.

The number of law enforcement and government requests for data Apple has received has also gone up, according to the company’s latest transparency report. Between January and July 2021, the company received more than 12,000 requests for various types of user information, up from more than 10,000 requests in the last six months of 2020.

Full encryption of user information stored in iCloud, which Apple calls iCloud Advanced Data Protection, will be rolled out first to a small subset of test users before launching broadly in the US before the end of the year and globally in 2023. The new view will mean information such as messages that have been backed up on iCloudAnd the Notes and photos It will be fully encrypted.

Screenshot of the user interface for a new security feature from Apple. Image: Apple

The change won’t cover all data, however — contacts, calendar information, and email won’t be encrypted — and users will have to voluntarily opt into the feature. The encryption key or code used to access that secure data will be stored on the device. This means that if the user who opted for this protection loses access to their account, they will be responsible for using their key to regain that access — Apple will not store encryption keys in iCloud.

The feature not being turned on for all users by default remains a point of contention among privacy advocates.

“I am less critical of Apple [not encrypting contacts, calendar information and email] Just given how difficult it is to cut through many email programs and calendar tools,” Kahn said. “But I think moving to privacy default for iCloud is the most important step.”

The company says it chose these features because the system requires users to be responsible for encryption keys and other means to recover and restore access to that information. According to Apple’s website, “If you lose access to your account, only you can recover this data, using your device passcode or password, recovery contact, or recovery key.”

In addition to iCloud data protection, Apple plans to roll out a physical security key system for people who sign into their iCloud account on any new device. It works as a hardware-based two-factor authentication system. For those who choose to use this additional layer of security, they will be required to plug a physical security key into the charging port on the phones to verify their identity when signing into their iCloud account on a new device.

However, users who choose to use this to protect their iCloud accounts will be responsible for keeping these security keys – master key and backup key.

Screenshot of the user interface for a new security feature from Apple.
Screenshot of the user interface for a new security feature from Apple. Image: Apple

Finally, the company is rolling out a code system that will allow people to verify that their messages only go to their intended recipient and have not been hacked by a hacker. Users of the encrypted messaging app Signal may be familiar with this process. In the case of Apple, two people who have enabled the system will be able to exchange their unique code and their devices will automatically detect if someone with a different code has entered the conversation. Automatic alerts pop up in conversations between users who have enabled this verification feature “if an exceptionally advanced adversary, such as a state-sponsored attacker, successfully compromises cloud servers and inserts their own hardware to eavesdrop on these encrypted communications,” the company said in the press release announcing the products.

#Apple #announces #security #privacy #measures #rising #cyberattacks

Leave a Reply

Your email address will not be published. Required fields are marked *