Apple is expanding its iCloud security features and introducing support for security keys for two-factor authentication:
Apple will finally be adding end-to-end encryption to iCloud backups, the company said as part of a major set of security announcements on Wednesday. Under what it calls Advanced Data Protection, Apple will expand the number of "data categories" protected by end-to-end encryption from 14 to 23, with backups, Notes, and Photos now covered.
Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only "major" categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because "of the need to interoperate with the global email, contacts, and calendar systems," according to its press release.
Note that this system doesn't have the backdoor that was in Apple's previous proposal, the one put there under the guise of detecting CSAM. iCloud data security overview. Originally spotted on Schneier on Security.
Previously: Apple Reportedly Nixed Plan for End-to-End Encryption in iPhone Backups
Related Stories
Two years ago, Apple dropped a plan that would have made it impossible for the company to decrypt iPhone and iPad backups for law enforcement, according to a Reuters report today. Reuters wrote that "six sources familiar with the matter" confirmed that Apple dropped the end-to-end encryption plan for iCloud Backup "after the FBI complained that the move would harm investigations."
[...] "Under that plan, primarily designed to thwart hackers, Apple would no longer have a key to unlock the encrypted data, meaning it would not be able to turn material over to authorities in a readable form even under court order," the report continued.
[...] Apple had "10 or so experts" working on the end-to-end encryption plan, "variously code-named Plesio and KeyDrop," but told them to stop work on the project once the decision was made, according to Reuters' sources.
[...] Messages is a special case. Messages itself has end-to-end encryption, but iCloud Backup "includes a copy of the key protecting your Messages." If you want full protection for Messages, you'd want to disable iCloud Backup and back your iOS devices up to iTunes on your computer instead.
iCloud Backup's inclusion of a copy of the Messages key "ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices," Apple explains. "When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple."
[...] President Trump blasted Apple on Twitter last week, writing that Apple "refuse[s] to unlock phones used by killers, drug dealers and other violent criminal elements."
Apple countered that it gave the FBI "gigabytes of information" including "iCloud backups, account information and transactional data for multiple accounts."
Apple may be unable to unlock the phones since it hasn't granted the government's request for a backdoor—and continues to argue that encryption backdoors would harm security for all users.
https://arstechnica.com/tech-policy/2020/01/apple-reportedly-nixed-plan-for-end-to-end-encryption-in
(Score: 3, Insightful) by JoeMerchant on Friday December 16, @05:23PM (2 children)
The ONLY way end-to-end encryption for backups will work (properly) is if the user, and only the user, holds the secret key. Said key not to be transmitted in any form to any cloud service for "convenient retrieval."
This means: when the user loses the key, the user loses their backups. I'm going to guess that the "just works" market demographic isn't interested in being made responsible for losing their own backups.
Ukraine is still not part of Russia. Glory to Ukraine🌻 https://news.stanford.edu/2023/02/17/will-russia-ukraine-war-end
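A constructed Python model of the two key-custody arrangements the comment contrasts (added here; not Apple's code and not the commenter's). The stored layout is identical in both cases, a sealed backup plus the backup key wrapped under a key-encryption key (KEK); what changes is whether the provider holds the KEK or only the user can derive it from a passphrase. A toy HMAC-SHA256 counter-mode cipher stands in for AES so the example runs on the standard library alone.

```python
import hashlib
import hmac
import os

# Toy HMAC-SHA256 counter-mode cipher with encrypt-then-MAC. It stands in
# for a real AEAD so the example needs only the standard library.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def kek_from_passphrase(passphrase: str, salt: bytes) -> bytes:
    # KEK derived from a secret only the user knows; the provider never sees it.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def make_backup(data: bytes, kek: bytes):
    # What the provider stores: the sealed backup and the random backup key
    # wrapped under the KEK. Whoever holds the KEK can read the backup.
    backup_key = os.urandom(32)
    return seal(backup_key, data), seal(kek, backup_key)

def restore(stored, kek: bytes) -> bytes:
    ciphertext, wrapped_key = stored
    return unseal(unseal(kek, wrapped_key), ciphertext)

def can_restore(stored, kek: bytes) -> bool:
    try:
        restore(stored, kek)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    data = b"constructed backup: photos, notes, copy of the Messages key"
    salt = os.urandom(16)
    provider_kek = os.urandom(32)  # standard iCloud Backup: provider holds the KEK
    user_kek = kek_from_passphrase("correct horse battery staple", salt)
    standard, user_held = make_backup(data, provider_kek), make_backup(data, user_kek)
    print("provider can restore standard backup:", can_restore(standard, provider_kek))
    print("provider can restore user-held backup:", can_restore(user_held, provider_kek))
    print("user who lost the passphrase:", can_restore(user_held, kek_from_passphrase("???", salt)))
```

The last line is the trade-off the comment describes: with a user-only KEK the provider cannot help after a lost passphrase, because nothing it stores lets it unwrap the backup key.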
(Score: 2) by digitalaudiorock on Friday December 16, @09:03PM (1 child)
Exactly. Most notably, short of that, any notion that nobody else can get to your data (including the cloud provider) is provably bullshit, like the kind that the FTC spanked Dropbox [wired.com] for. I suspect that's NOT what Apple will provide.
(Score: 3, Interesting) by JoeMerchant on Friday December 16, @09:44PM
When I put home folder encryption on my spanking new MacBookPro in 2006, it was bricked within a month. Driver issues (on their bespoke hardware) caused "graceful shutdown" to not happen, and without "graceful shutdown" the home folder encryption eventually ate itself, unrecoverable. Once your home folder is inaccessible in OSX, Juan - the escalation handler for these issues, who to be fair sounds somewhat competent - Juan says: "that's it, your only option is to re-install the OS from CD-ROM."
So, either they will continue this 'high security' policy today for users who want their data protected, or... they'll have some BS breakable system so that Juan can handle the escalated issues and say: "oh, no, we'll have you fixed up in a jiffy..."