YOUR iPhone has received a handy update that can warn you about a serious privacy danger.
It involves your iMessages – and making sure that they’re safe from prying eyes.
1
New warning message
When you’re chatting with someone in iMessage, you may now see a new message.
It might read: “An unrecognized device may have been added to [name]’s account” or “[name] turned off contact key verification”.
You’ll only see this if you’ve got iOS 17.2 installed – go to Settings > General > Software Update to check.
It’s designed to protect you from hackers who are trying to read your encrypted messages. Don’t ignore it, and read on to find out why.
How does iMessage encryption work?
iMessage on iPhone uses end-to-end encryption.
That means the texts you send and receive are scrambled in transit – so no one else can read them.
For instance, Apple can’t see what your iMessages say – and they couldn’t show the government even if they were asked.
Let’s say you’re texting your friend Mollie.
Most read in News Tech
You don’t see it, but Mollie has sent you a public key.
This public key is used to encrypt a text that you then send to her.
She’ll then use a separate private key to decode this message and read it.
Without this private key, the message would be gibberish.
How are the keys kept safe?
To text Mollie using encryption, you need to get her public key.
Your iPhone will speak to Apple, and Apple will send you her key.
But this creates a security worry: what if someone was able to send you additional public keys.
Then when you send texts to Mollie, someone else can also decrypt the messages.
There are two ways Apple is trying to stop this from happening.
First is an existing feature called Key Transparency, which is maintaining a big list of public keys that can’t be edited – only added to.
So a key couldn’t be added and then removed by someone to cover their tracks.
But a second feature added in iOS 17.2 called Contact Key Verification goes a step further.
You can turn it on by going to Settings > [Your Name] and turning on Contact Key Verification.
This will let you manually (and also automatically) compare your public keys with another person – to make sure everything is in order.
So if you go to a person’s profile in iMessage, you can see an 8-digit code that you can then compare, for instance in person, to make sure everything matches up – and that you’re not being spied on.
Watch out for alerts
But you might also receive alerts if someone is wrong.
Apple explains: “When iMessage Contact Key Verification is turned on, you might get an alert if your device detects an issue.”
There are four main reasons you’ll get an alert.
The first is that the person you’re texting turned Contact Key Verification off.
The second is that a new and unrecognized device was added to someone’s Apple ID.
“This alert might mean that the person you are messaging has an issue with one of their devices,” Apple said.
“Or that a sophisticated attacker might be attempting to eavesdrop on the conversation.”
Third is that Contact Key Verification might be temporarily unavailable due to a service outage.
And fourthly, a message might read: “There’s an issue with iMessage Contact Key Verification.”
Apple says: “This alert might mean that there’s an issue with one of your devices or your account, or that a sophisticated attacker might be attempting to eavesdrop on the conversation.”
What should you do to fix it?
If you’re seeing an issue with Contact Key Verification, Apple recommends acting quickly.
“You might want to stop messaging that contact until you can verify that you’re messaging with the person that you intend,” Apple said.
Check if your contact is also having issues.
Then use the alert to Verify Contact and compare your codes.
If they don’t match up, you’ve got a problem.
“it could mean that you’re no longer messaging the person that you intend,” Apple said.
“As a precaution, you should stop messaging with that contact.”
If you think your account has been compromised, Apple says you should go to appleid.apple.com to sign out of all of your devices.
Read more on The Sun
Then change your Apple ID password too.
Also, go to Settings > [Your Name] and scroll down, then remove any devices that you don’t recognize from your account.
