Apple is launching 'advanced' security for chats and pictures on iCloud

Apple plans to allow users to more tightly secure their photos and notes stored on its iCloud service.

Users will require a physical security key when logging in from a new device, it said on Wednesday.

The forthcoming options, along with another security measure for Apple’s iMessage chat program, are particularly aimed at celebrities, journalists, activists, politicians and other high-profile individuals heavily targeted by hackers, the company said.

The iPhone maker said that though it was not aware of breaches to iCloud servers or iMessage exchanges, hacking attempts are increasing.

Users in the US will be able to activate the free Advanced Data Protection for iCloud storage by the end of the year.

When turned on, Apple cannot help users recover photos, notes, voice memos and about 20 other types of data if they forget their password. It will expand globally next year.

The option to require plugging a security fob into a new device to access an Apple account is expected to roll out next year.

Google already supports such hardware keys, which are certified by industry body FIDO and cost about $25.

On iMessage, conversations between users who enable the new Contact Key Verification next year would receive automated alerts about unrecognized devices potentially snooping on the exchange.

Users can manually verify their communication is secure by matching up security codes, too. Secure chat services such as Signal offer comparable features.

‘Hardware security keys offer protection and peace of mind knowing that it is one of the most secure ways of entering an account and is often offered as an entry method to highly sensitive accounts,’ said Jake Moore, global cybersecurity advisor at ESET.

‘Attackers still largely target Apple users with phishing scams or via physical device thefts, but the use of security keys will potentially go one step further towards mitigating this common risk and it will inevitably protect Apple accounts even more,’

According to Moore, to gain the full security benefits of this new feature, it is best to remove all other forms of account verification and solely rely on physical security keys to gain access which will stop hackers bypassing this form of chosen authentication. 

Source: Read Full Article