Tag: End To End Encryption

Apple has been at the forefront of providing solutions to protect its users from cyberattacks. In the latest update issued by Apple, the mobile device manufacturer has extended its cyber security measures to cover services and apps including iCloud Backup and Photos.

The security update will also extend the protection blanket to iMessages, Notes, and Apple ID. With this update, the end-to-end encryption capability of iCloud will extend from 14 to 23 sensitive data categories. This update will help businesses to adopt Apple devices for multiple business activities.

Let us understand some important aspects of this security update.

Contact Key Verification for iMessages: iMessages is an in-built messaging app for Apple devices, commonly used for communication with financial institutions and subscription platforms. The app’s messaging often includes sensitive information such as ‘One Time Passwords’ for financial transactions, making it important to secure. Apple offers end-to-end encryption for iMessages, which has been further enhanced by the addition of iMessage Contact Key Verification. This feature allows users to confirm the identity of the person they are communicating with by comparing a verification code using FaceTime or a secure call and also alerts both users if a breach occurs.
iCloud Data Security: Apple offers Advanced Data Protection (ADP) to users to ensure the security of their cloud data. Users, who opt for ADP, can enable end-to-end encryption of data stored in their Cloud such that it can only be decrypted on the user’s trusted devices. ADP earlier included end-to-end encryption for sensitive data categories such as Health data. However, the latest cyber security update extends the end-to-end encryption to a number of sensitive data categories like iCloud Backup, Photos, and Notes. Some categories containing sensitive data such as iCloud Mail, Contacts, and Calendar have not been included in the update as these apps often operate in coordination with other global systems.
Security Keys: Apple ID offers two-factor authentication since 2015. Under this authentication process, the user can set two different authentication methods such as device password and a trusted mobile number for verification at the time of signing in to the Apple ID or account recovery. The new update takes the security feature a notch up by allowing the users to choose a hardware security key as one of the authentication factors. The hardware security key may be NFC key, or any other third-party hardware. The authentication process will require the user to insert the hardware security key into the device in order to log in. This will further prevent hackers from gaining access to the second authentication factor for ID access.

Centex Technologies provides IT security solutions for enterprises. For more information, contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.

Switching To An Encrypted Communication App

By centexitguy

On July 22, 2020

In Security

Encryption is the process of encoding information for preventing anyone other than the intended recipient from viewing it. It uses an algorithm known as a cipher to convert the information into a code that appears like random characters or symbols. This renders the information unreadable to anyone who does not have the decryption key. Same concept is applied to an encrypted communication app.

What Is An Encrypted Communication App?

An end-to-end encrypted communication app secures the messages being sent and makes sure the information is visible only to the end users – the sender and receiver.

Why Is It Important To Switch To An Encrypted Communication App?

As privacy has become an important consideration for organizations and individuals alike, securing the communications has gained leverage. Common reasons behind a leaked communication are:

Monitoring of communications by the app providers
Security breach by hackers/cyber criminals

A leaked communication text may cause damage to personal/organizational reputation by exposing personal/trade secrets. Additionally, communications may include the exchange of media files such as personal photos, videos, etc. Breach of these files may cause a serious threat to the parties involved.

How To Choose An Encrypted Communication App?

While it has been established that now is the time to switch to an encrypted communication app, a major question is how to choose a suitable app from the large pool of available communication apps.

In order to choose a suitable encrypted communication app, it is important to consider following points:

Encrypted Metadata: In the context of messaging, metadata includes information such as the sender’s phone number, recipient’s phone number, date and time of the message. This information may seem trivial, but it can be used to map with whom and when the individual communicates. So, choose a communication app that encrypts the metadata along with the body of the message.
In-App Encryption: Some communication apps do encrypt the messages being shared over the network but do not encrypt the messages stored on the device. This may cause a threat in case the device is stolen. Thus, it is important to confirm that all the messages are encrypted before being stored on the device prior to choosing a communication app.
Online Backups: It is a common practice to back up the communications on cloud (Google Drive, etc.) to combat situations like failed/stolen devices. However, in this case, the messages are protected by a single layer of security (mostly a password). So, consider a communication app that offers an alternate solution to secure the backup.
Security Analysis: In the case of closed source communication apps, it is practically impossible to review the code and see how well the encryption has been integrated. So, it is advisable to choose an open-source communication app that allows analysis of the security measures enforced by the app.
Security Settings: Choose a communication app that has security-focused settings such as ‘Self-destructing messages’ that disappear after a pre-selected time, ‘Screen Security’ that prevents anyone from taking a screenshot of the conversation, etc.

For more information on encrypted communication apps, contact Centex Technologies at (254) 213 – 4740.