Your iPhone Has a Security Feature That Prevents Hackers From Eavesdropping on and Tampering With Your Messages
When it comes to online security and privacy, Apple doesn’t take that lightly. In fact, every aspect of their products is built with a privacy and security approach that puts their users at the forefront.
As you may know, iMessage is one of the most secure messaging platforms available, but Apple is making it even more secure by introducing a key feature called “Contact Key Verification.”
We’ll discuss what it is, how to enable it, and how it protects your conversations.
What Is Contact Verification Key?
Apple’s Contact Key Verification is a security feature that ensures your messages are sent to the intended recipient and not intercepted by a third party.
It does this by using a mechanism called Key Transparency (KT) that allows you to verify the identity of your contacts through unique cryptographic keys.
Here’s how it works: You and the person you’re texting get a unique code. You can compare these codes to verify that you’re communicating with the right person.
Once you both confirm the codes, you can chat with the extra assurance that no encryption details are being shared with anyone, not even Apple.
This feature is especially valuable for journalists, activists, or even regular people like you who might be targeted by hackers.
Isn’t iMessage Already Encrypted, What’s the Point of this feature?
You might wonder why I should bother to activate this feature if iMessage is already encrypted.
Here’s the thing: when you activate iMessage on your iPhone, it creates two cryptographic keys: a public key and a private key.
The private key is stored on your phone, and only you can access it. The public key, however, is stored on a key directory service like Apple’s Identity Directory Service (IDS) and acts as a safe box to deliver messages to recipients.
When you send a message, it is encrypted using the recipient’s public key. Only the recipient’s device, which has the corresponding private key, can decrypt the message.
This system works well until hackers potentially find a way to penetrate Apple’s servers, where the key directory is stored, gaining access to public keys.
With these, they could intercept and passively monitor your encrypted messages. Apple aims to address this risk with the “Contact Key Verification” feature.
What Are the Requirements to Use the “Contact Key Verification” Feature?
Before you can take advantage of this feature, there are a few requirements:
- Your devices must be running iOS 17.2, iPadOS 17.2, watchOS 9.2, and macOS 14.2 or later.
- You need to be signed in to iCloud and iMessage with the same Apple ID.
- iCloud Keychain and two-factor authentication for your Apple ID must be turned on.
- The person you’re trying to verify needs to be in your contacts.
Once you have met these requirements, you can proceed to enable this feature
How to Enable Contact Key Verification on iPhone
Here’s how to enable the Contact Verification Key feature on your iPhone.
1. Open the Settings app on your iPhone and tap your name at the top.
2. Scroll to the bottom and tap “Contact Key Verification.”
3. Tap the toggle to enable Contact Key Verification, then tap “Continue.”
4. If you have outdated devices linked to your Apple ID, remove them before continuing.
5. Once activated, the toggle will be green. You can view your public verification code by tapping “Show Public Verification Code.”
This code is only for your device and helps confirm you’re really chatting with the person you intend to message.
How to Verify the Identity of Others
To confirm someone else’s code, follow these steps:
1. Open the iMessage conversation with the person you want to verify, and tap their contact icon at the top.
2. Scroll to the bottom and tap “Verify Contact.” (Note: This requires both you and your contact to perform this step at the same time)
3. Each of you will see a unique verification code appear on your iPhones. Share the verification codes with each other.
4. When the codes you see on your device match the ones your contact sees, tap “Mark as Verified” followed by “Update.”
5. This confirms that you’re actually messaging the person you intended to reach. A “Verified” checkmark will then appear next to their name under “Advanced Message Security,” indicating a verified connection.
If the codes you see don’t match, select “No Match.” This could mean you’re not messaging the intended person. To be safe, stop messaging them until you can confirm their identity.
Note: Contact Key Verification only works if both parties have enabled this feature. If you don’t see the “Verify Contact” option, or it says “Verification Off,” the other person hasn’t enabled the feature.