How Apple Lockdown Mode Could Keep The Worst Spyware Off Your iPhone
Apple is calling it an “extreme, optional protection” for users such as human rights activists, politicians, and high-ranking government officials, among other people that are at the risk of covert surveillance by having their phones and other personal computing machines hacked. The new safety feature will begin rolling out to the public with iOS 16, iPadOS 16, and macOS Ventura this fall.
However, Lockdown Mode has already started appearing for users running the third beta of iOS 16 that is now being seeded to eligible iPhones. The core premise of lockdown mode is to shrink the attack surface that is exploited by spyware to do its job. In the past, Israeli firm NSO Group — the creator of the infamousPegasus spyware— created a zero-click hack thatexploited an iMessage vulnerability. By limiting the very feature set of iMessage, Apple aims to shut the doors for such exploits to arrive in the first place. As such, enabling Lockdown Mode will restrict a handful of features.
For example, Link previews are disabled in the Messages app, and all attachments – except for image files – are automatically blocked. FaceTime calls and other communication requests from an unknown number are also blocked, and there is also no scope for installing a configuration profile. In case a bad actor gains physical access to the device, Lockdown Mode will disable all wired connections with an electronic device if the phone or computer is locked, minimizing the chances of an all-out brute force attack.
An indispensable tool for the surveillance age
Apple’s press release notes that Lockdown Mode will thwart “highly targeted mercenary spyware” and namedrops NSO Group, a company itsuedlast year for unaithorized hacking of iPhones with the Pegasus spyware, which used an exploit called FORCEDENTRY. CitizenLab foundevidenceof this zero-click iMessage exploit and published its findings in October last year. In addition to iPhones, the exploit was also said to be effective against Apple Watch and Mac computers.
Ron Deibert, director of the Citizen Lab, praised Lockdown Mode and expressed that it will “help nurture independent researchers and advocacy organizations holding mercenary spyware vendors accountable.” Notably, Apple has added a new tier to its bug bounty program that will award a sum of up to $2 million to cybersecurity experts who find a flaw in Lockdown Mode. That’s the highest bug bounty that any company has to offer on the planet, claims Apple.
