Apple announces ‘Lockdown Mode’ to protect devices from cyber attacks
Apple has announced a new ‘Lockdown Mode’ for iPhones, iPads and Macs to protect against Pegasus-style cyber attacks.
Lockdown Mode is an optional protection for users who face ‘grave, targeted threats to their digital security’, like journalists and activists, Apple said.
When a device is in Lockdown Mode, apps, websites and features are restricted for security reasons, and others are completely disabled.
For example, most message attachment types in the Messages app other than images are blocked and other features, like link previews, are disabled.
Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
The new mode also blocks access to an iPhone when it is connected to a computer or accessory.
Lockdown Mode will be released this autumn with iOS 16, the tech giant’s new software update, announced last month.
Lockdown Mode will be released this autumn with iOS 16, the tech giant’s new software update
TURN ON LOCKDOWN MODE
– On iOS, go to Settings
– Tap ‘Privacy & Security’
– Tap ‘Lockdown Mode’
– Select ‘Turn On Lockdown Mode’
(Lockdown Mode will be available in iOS 16)
Apple said Lockdown Mode is an ‘extreme’ and ‘optional’ protection for ‘the very small number of users who face grave, targeted threats to their digital security’.
It offers protection to users at risk of cyberattacks from private firms that develop state-sponsored ‘spyware’ – software that steals information from a device.
Spyware is a specific type of malware (malicious software) that steals information from a computer and sends it to a third party, without the person’s knowledge.
An example is the Pegasus spyware, which has already been used by governments to spy on world leaders, politicians, journalists, activists and dissidents and other high-profile figures.
Made by Israeli firm NSO Group, Pegasus is a powerful tool that allows its operator to infiltrate a target’s phone and sweep up its contents, including messages, contacts and location history.
Among those targeted by Pegasus are Hanan Elatr, the wife of Saudi-born Washington Post journalist Jamal Khashoggi, who was murdered by a Saudi hit squad in 2018, and Roula Khalaf, editor of the Financial Times.
‘Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,’ said Ivan Krstić, Apple’s head of security engineering and architecture.
‘While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are.
Apple said Lockdown Mode is an extreme’ and optional protection for ‘the very small number of users who face grave, targeted threats to their digital security’
Israeli firm NSO’s Pegasus spyware has already been used by governments to spy on journalists, activists and dissidents (file photo)
LOCKDOWN MODE FEATURES
At launch, Lockdown Mode includes the following:
– Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
– Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
– Wired connections with a computer or accessory are blocked when iPhone is locked
– Configuration profiles can’t be installed and the device cannot enroll into mobile device management.
‘That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.’
Apple giant listed five features of Lockdown Mode available at launch, but said it will look to continue to strengthen the tool over time with extra features.
It will also reward researchers who find flaws in Lockdown Mode, which will help make it more resilient and better protect users.
The tech firm has said it is doubling the security bounties it offers researchers who find flaws in Lockdown Mode – up to $2 million (£1.7 million), which is the the highest maximum bounty payout in the industry.
Ron Deibert, director of the Citizen Lab at the University of Toronto, said there is ‘undeniable evidence’ that the mercenary surveillance industry is facilitating the spread of ‘authoritarian practices and massive human rights abuses’.
‘I applaud Apple for establishing this important grant, which will send a strong message and help nurture independent researchers and advocacy organizations holding mercenary spyware vendors accountable for the harms they are inflicting on innocent people,’ he said.
Christoph Hebeison, director for security intelligence research at San Francisco-based firm Lookout, said Lockdown Mode will not reduce the ‘attack surface’ of third-party apps unless those apps also implement separate lockdown measures.
Also, functionality and performance of the user’s device could be limited in Lockdown Mode.
‘This may be a tradeoff some users might be willing to accept for a while but the inconvenience will create an incentive to disable Lockdown Mode,’ Hebeison said.
Apple also announced it is funding a $10 million (£8.4 million) grant to support organisations that investigate, expose and prevent cyberattacks and more targeted spyware attacks.
The grant is being made to the Dignity and Justice Fund, which was established and is advised by the Ford Foundation, an organisation which aims to advance equity globally.
PEGASUS: HOW POWERFUL SPYWARE USED TO HACK JOURNALISTS WORKS
Pegasus is a powerful piece of ‘malware’ – malicious computer software – developed by Israeli security firm NSO Group.
This particular form of malware is known as ‘spyware’, meaning it is designed to gather data from an infected device without the owner’s knowledge and forward it on to a third party.
While most spyware is limited in scope – harvesting data only from specific parts of an infected system – Pegasus appears much more powerful, allowing its controller near-unlimited access to and control over an infected device.
This includes accessing contact lists, emails, and text messages, along with stored photos, videos and audio files.
Pegasus can also be used to take control of the phone’s camera or microphone to record video and audio, and can access GPS data to check where the phone’s owner has been.
And it can also be used to record any new incoming or outgoing phone calls.
Early versions of the virus infected phones using crude ‘phishing’ attacks in which users are conned into downloading the virus on to their own phones by clicking on a malicious link sent via text or email.
But researchers say the software has become much more sophisticated, exploiting vulnerabilities in common phone apps to launch so-called ‘zero-click’ attacks which can infect devices without the user doing anything.
For example, in 2019 WhatsApp revealed that 1,400 people had been infected by NSO Group software using a so-called ‘zero day’ fault – a previously unknown error – in the call function of the app.
Users were infected when a call was placed via WhatsApp to their phones, whether they answered the call or not.
More recently NSO has begun exploiting vulnerabilities in Apple’s iMessage software, giving it backdoor access to hundreds of millions of iPhones.
Apple says it is continually updating its software to prevent such attacks, though human rights group Amnesty says it has uncovered successful attacks on even the most up-to-date iOS systems.
NSO Group says that Pegasus can also be installed on devices using wireless transceivers located near the target, or can be booted directly on to the device if it is stolen first.