Fri | Jul 8, 2022 | 1:56 PM PDT

Apple announced plans to launch a new security feature called "Lockdown Mode" that will be available this fall when Apple releases its annual iOS update.

Lockdown Mode is designed to protect users who could be targeted by "the most sophisticated digital threats," such as spyware developed by private companies like the highly controversial NSO Group.

Though it will be an incredibly small number of individuals that need to use this feature, those that do could benefit tremendously. Journalists, politicians, and activists are frequently targeted by malicious cyber actors due to the nature of their work. The NSO Group, and others, are helping cybercriminals and nation-states accomplish this, but Apple has a plan to defend against these attacks.

[RELATED: Apple Sues 'Abusive State-Actor' NSO Group]

Apple describes the new feature like this:

"Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware.

Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware."

Lockdown Mode includes these protections:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

While Apple presents this Lockdown Mode as something that can completely protect a mobile device from a cyberattack, in reality, it's a bit more complicated than that.

Christopher Hebeisen, Director of Security Intelligence Research at Lookout, discusses:

"While these measures certainly strengthen device security, it is important to keep in mind that Lockdown Mode does not reduce the attack surface of third-party apps installed on the device unless those apps also implement separate lockdown measures. In addition, functionality and performance of the device will necessarily be limited in Lockdown Mode—a tradeoff some users might be willing to accept for a while but the inconvenience will create an incentive to disable Lockdown Mode.

Lockdown Mode reduces the amount of potentially vulnerable code available for attacks, but if its use becomes common among users being targeted with mobile surveillance malware, attackers will be forced to develop exploits that are capable of taking over a device in Lockdown Mode. While this is unlikely to be impossible, the reduction in attack surface will make it more difficult and therefore more expensive to successfully attack mobile Apple devices."

Apple also established a new category in its Apple Security Bounty program that will reward those who find security flaws in Lockdown Mode. The company says it will be offering bounties up to a maximum of $2 million, the highest in the industry.

Apple and NSO Group have a history

Apple specifically called out the NSO Group in its announcement of Lockdown Mode, and for good reason.

Back in November 2021, the NSO Group was blacklisted by the U.S. government "based on a determination that they developed and supplied spyware to foreign governments that used this tool to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers," according to the U.S. Department of State.

NSO's premium product, Pegasus, a spyware the company claims to only sell to vetted government agencies, has been connected to some pretty major international incidents in the last few years. The spyware was found on the phone of Jamal Khashoggi's wife just days after his murder. 

After the blacklisting, Apple sued NSO for its ability to hack iPhones using previously unknown Zero-Day vulnerabilities, calling the group "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse."

As part of the ongoing lawsuit, Apple including this bit of information when it announced Lockdown Mode:

"Apple is also making a $10 million grant, in addition to any damages awarded from the lawsuit filed against NSO Group, to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware.

The grant will be made to the Dignity and Justice Fund established and advised by the Ford Foundation—a private foundation dedicated to advancing equity worldwide—and designed to pool philanthropic resources to advance social justice globally."

Follow SecureWorld News for more updates.

Comments