Apple Lockdown Mode Is A Panic Room For iOS And Mac That Thwarts Mercenary Spyware

Last week, we wrote about spyware that researchers gave the name “Hermit” and attributed to the Italian spyware vendor RCS Labs. Hermit falls within the same class of spyware as NSO Group’s Pegasus spyware, which infected at least nine phones belonging to US State Department employees. This sort of spyware is usually highly targeted and intended for covert surveillance of state actors or political dissidents.

Most users hopefully won’t ever encounter this kind of spyware, but potential targets, such as journalists and human rights defenders, have reason to worry. The most advanced spyware can leverage multiple exploits of vulnerabilities that may not even be public knowledge. Pegasus was able to infect over 1,400 mobile devices by way of a WhatsApp call, and the devices’ owners never even had to answer the call to become victims of the spyware.

Lockdown Mode preview (source: Apple)

This week, Apple unveiled a new feature intended to protect the devices of those who have reason to believe they may be the targets of advanced spyware and other sophisticated cyberattacks. Apple is calling this feature “Lockdown Mode,” and intends to include the feature in iOS 16, iPadOS 16, and macOS Ventura. The company makes clear that this feature is an extreme security measure intended for very few users. Lockdown Mode will disrupt regular phone usage, making it a hindrance for most users. According to Apple, the feature will launch with the following security measures:
  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
Apple says that it will further develop Lockdown Mode to strengthen its attack surface mitigation, and the company wants to work with security researchers to do so. The feature preview included the announcement that all bounties in the Apple Security Bounty program will be doubled for the discovery of vulnerabilities that work in Lockdown Mode. This doubling means that security researchers could walk away with up to $2 million in bounty money from Apple. The company also announced a grant of $10 million, along with any damages awarded from Apple’s lawsuit against NSO Group, to the Ford Foundation’s Dignity and Justice Fund. That money will go toward funding work intended to uncover spyware and provide protection for potential targets.