Apple has taken steps to improve security for journalists, activists, and politicians by introducing Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura. This setting makes an iPhone, iPad, or Mac more secure by interfering with the methods used to compromise them in targeted attacks.
Lockdown Mode blocks many types of message attachments, disables link previews, and turns off certain web browsing technologies by default. It also blocks invitations and FaceTime calls from unknown sources. Lockdown Mode also blocks wired connections to computers and accessories while the device is locked.
These are the areas we know to be vulnerable. Google’s Project Zero team explained how iPhones of those targeted by the Pegasus software could have been compromised in a “zero-click” scenario using a GIF that exploits iMessage in the background. Other attacks have targeted MDM solutions repeatedly or exploited rendering flaws using malicious websites. Lockdown Mode prevents these attacks from happening again.
Apple refers to it as an “extreme, optional” level of protection. This is a direct response to the increasing use of state-sponsored software such as the Pegasus tool created by NSO Group. Evidence of the software was found on devices belonging to the journalist Jamal Khashoggi. Bloomberg reporter Mark Gurman reports that Apple has just released iOS 16 developer beta 3, which includes Lockdown Mode.
iOS 16 beta 3 is now live with Lockdown Mode pic.twitter.com/w00OiCBFJ1
— Mark Gurman (@markgurman) July 6, 2022
Apple was criticized for not working with security experts to find and close flaws on its platforms. This was before it launched an iOS bug bounty program. Apple eventually extended the program to include other devices in 2019, announcing that it would give out special security research devices for outside researchers.
Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.
Ivan Krstic is Apple’s head of security engineering and architecture. He stated that while most users will never be targeted by these cyberattacks, he will continue to work hard to protect the users who are. This includes designing defenses for these users and supporting researchers around the globe who are doing critical work to expose the mercenary firms that create these cyberattacks.
Apple announced that its Rapid Security Response feature would allow patches for security flaws to roll out faster on Macs and not require a reboot. iOS 16 and macOS Ventura will also include support for new passkey technology, which will eliminate passwords.
Other tech companies have made similar efforts, such as Google’s Advanced Protection Program, which protects its accounts, and the Super Duper Secure Mode that Microsoft began testing in Edge last fall. A few small companies also offer Android-based hardened devices that promise protection against many vulnerabilities. However, Lockdown Mode will be available to millions once the new software updates are released later in the year.
Even with all these protections, finding vulnerabilities in operating systems that control many devices is still valuable. Apple has increased the bounty for “qualifying discoveries” in Lockdown Mode from $1 million to $2 million. This is, it claims, the highest possible bounty payout in the industry. Apple says any damages it is awarded from the lawsuit it filed against NSO Group last fall will be added to a $10,000,000 grant to support organizations that “investigate, expose and prevent highly targeted cyberattacks,” including those carried out with state-sponsored mercenary malware.