Apple Lockdown Mode Aims to Prevent State-Sponsored Spyware
'Extreme' Digital Security Coming for Activists and Journalists
Smartphone giant Apple wants to thwart spyware wielded by governments against criminals and dissidents alike through an "extreme, optional protection" feature that lets users limit the functionality of their device.
In a preview of its next mobile and desktop operating systems set for debut this fall, the California company unveiled "Lockdown Mode," a set of restrictions that renders many message attachments inaccessible, webpages slower to load and FaceTime calls harder to make. The idea is to sharply reduce the attack surface available to makers of spyware such as Israel's NSO Group or Italy's RCS Labs.
Apple also announced a new bug bounty program to strengthen the security of Lockdown Mode and shared details about a $10 million grant to help organizations fight against highly targeted cyberattacks.
Most users will likely never encounter malware of the kind developed by NSO Group, maker of the Pegasus spyware. Those who do - reportedly including now-imprisoned drug lord Joaquin "El Chapo" Guzman and legions of human rights activists and journalists, as well as political figures - find their digital life turned inside out. A device infected with Pegasus reveals to its operators data including text messages, photos, emails, contact lists, and even recordings of phone calls.
"While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are," says Ivan Krstić, Apple head of security engineering and architecture.
The company sued NSO Group in U.S. federal court late last year in a bid to prevent the company from ever again accessing Apple products or services, in a complaint that also sought damages. NSO argues that it is immune from lawsuits in American courts since it's an agent of a foreign government and so protected by sovereign immunity - a legal theory that it is asking the Supreme Court to endorse in a separate lawsuit against the company launched by Facebook parent Meta. The Apple case is on hold pending the resolution of the Meta lawsuit.
Apple is launching Lockdown Mode with the following protections:
- Messages: Most message attachment types other than images are blocked. Some features, such as link previews, are disabled.
- Web browsing: Certain complex web technologies, including just-in-time, or JIT, JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- Wired connections: Those made with a computer or accessory are blocked when iPhone is locked.
- Configuration profiles: They cannot be installed, and the device cannot enroll into mobile device management, or MDM, while Lockdown Mode is turned on.
Rewarding Researchers
Apple is inviting feedback and collaboration from the research community to strengthen the security of Lockdown Mode.
It established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Qualifying findings can earn researchers up to $2 million - "the highest maximum bounty payout in the industry."
Apple also says its $10 million grant to support organizations that investigate targeted cyberattacks such as Pegasus malware incidents will go through the Dignity and Justice Fund established and advised by the Ford Foundation. Spyware "facilitates violence, reinforces authoritarianism, and supports political repression," says Lori McGlinchey, director of the Ford Foundation's Technology and Society Program. The fund expects to make its first grants later this year or in early 2023 for efforts such as capacity building for mitigating spyware attacks and the development of methods able to detect spyware infiltration that can be used in court.