Enlarge image
Apple's new live text feature: iOS 16 now also translates into videos
Photo: Apple
Insecure or stolen passwords are still probably the greatest security risk in the entire IT.
Apple is taking a step towards a password-free future with the update to iOS 16, which is expected to be available to iPhone customers from Monday evening German time.
It is one of the more complicated, but also one of the most important innovations in the operating system.
This is made possible by the open standard FIDO (Fast Identity Online), which in German means something like fast online identification.
Behind it is the non-commercial FIDO Alliance.
Many companies, service providers and authorities have joined forces, and the Federal Office for Information Security (BSI) is also involved.
If you want to log in via FIDO, you first have to register a smartphone, tablet or computer with the respective service.
A public and a private key are created.
The private one is stored on the device itself in a hardware chip that cannot emit any information – a so-called “Trusted Platform Module” (TPM).
In the iPhone, this role is assumed by the so-called Secure Enclave, a system separate from the main processor.
Separate public keys are generated for each website and app that you log into with FIDO and stored on the respective server.
Log-in is only possible if both keys match.
The advantage: the login method is protected against password leaks and phishing attacks.
Apple itself calls its implementation of the FIDO standard “Passkeys”.
The private key is also saved in the iCloud, i.e. on Apple's servers, in the so-called keychain.
This, in turn, is also end-to-end encrypted, so not even Apple could access private “passkeys”.
Therefore, experts consider the risk to be manageable, even if the keys leave the device.
Users therefore only need one private key, which then works on all their Apple devices via the iCloud.
You only identify yourself biometrically on the respective device, via Touch ID or Face ID (read more about the new standard FIDO 2, which is intended to replace passwords, here).
Have fun on the lock screen
Another major innovation Apple sees is a major overhaul of the lock screen.
Similar to many Android devices, iOS 16 makes it a lot more flexible and adaptable to personal needs.
In addition to widgets and various photo motifs, other fonts and the overall design of the screen can also be specified.
Messages run from bottom to top.
In addition, the lock screen can change depending on the usage scenario and, for example, separate “work” from “leisure” and “sleep”.
Only certain notifications should come through.
In the “leisure time” scenario, for example, no notifications from the employer should appear.
On the other hand, an announced innovation that brings live events such as self-updating ticker messages from sports events to the lock screen has been postponed for a few weeks.
More convenience for pictures, videos, messages and e-mails
The Live Text function, which can be used to translate text on photos, is also available for videos in iOS 16.
It is planned that a video can be stopped at any point and that you can interact with the text there.
Photo editing also gets an interesting new feature: in iOS 16, objects can be cropped directly in the app.
So far, this requires special image processing apps.
Another planned innovation, a photo library shared with up to six people (more precisely: six Apple users), is delayed.
In the Messages app, sent messages can be edited up to 15 minutes after they were sent and even retrieved entirely.
A function for e-mails is similarly convenient: In iOS 16 it is possible to plan these in advance and also retrieve them for a moment shortly after they have been sent.
The dictation function has also been improved.
You should now recognize emojis in addition to punctuation marks.
More security against stalking and violence
Other security features concern the protection of certain groups.
The "Safety Check" is intended to quickly and comprehensively withdraw access rights and location approvals from persons who pose a risk.
This should help to prevent digital violence and stalking.
In addition, according to Apple, accounts for children are now even more fully secured.
Age or screen time restrictions can be placed on these from the start.
The Anti-Pegasus mode as a last resort
The so-called blocking mode, which Apple believes can stop all known state Trojan attacks (read here how a state Trojan attack by the NSO group works) is of interest for particularly vulnerable target groups such as activists or journalists in crisis areas.
However, it comes with significant limitations in terms of functionality and is therefore not activated by default.
This includes the fact that cable connections to computers or accessories are interrupted as soon as the iPhone is locked, but also the automated switching off of some web technologies in the browser.
Except for photos, almost no other attachments get through in the Messages app in blocking mode.
And calls via FaceTime only work if the person called has previously agreed in a message that they want to have the conversation.
This is Apple's response to typical attack vectors that sophisticated surveillance software uses: file attachments disguised as another file type, automated scripts in the background when websites are accessed, and even attacks that are carried out without the victim clicking.
The Israeli NSO Group in particular made the headlines in connection with spyware delivered in this way: Although the company always claims that its programs are only sold to state customers to fight crime and terrorism, dissidents, journalists and members of the opposition have been finding the Pegasus Trojans on their cell phones (Read here in detail how the company wants to protect against state Trojans).
No more support for three models
As is usual with Apple, all iPhone customers benefit from the new features at the same time, provided they are using reasonably up-to-date devices.
However, older models are no longer supported: the new operating system does not run on the first-generation iPhone SE, the iPhone 6s and the iPhone 7.
loc/dpa
