Dive Brief:
- Apple will introduce a new security capability, called Lockdown Mode, based on technology it developed to protect highly vulnerable targets like political activists, journalists and other users who may be the targets of government surveillance.
- Apple plans to roll out Lockdown Mode features this fall as part of the iOS 16, iPadOS 16 and macOS Ventura operating system upgrade launches, the company said Wednesday. The feature will limit certain functionalities within the Apple computer and mobile device operating systems to reduce the attack surface that can be targeted.
- Apple will also offer enhanced incentives to researchers who find flaws in Lockdown Mode through its Apple Security Bounty program. The company said it will double rewards to researchers in this category to a maximum of $2 million.
Dive Insight:
The announcement comes a year after high-profile investigations found the NSO Group's Pegasus spyware was widely misused by authoritarian regimes, and even some more moderate governments, to track political activists, journalists and other dissidents.
Apple, which has historically billed the iPhone as a secure mobile device, said the goal of these new security capabilities is to protect users from what it calls state-sponsored mercenary software.
“While the vast majority of users will never be the victims of highly targeted cyberattacks, Apple will work tirelessly to protect the small number of users who are,” Ivan Krstic, head of security engineering and architecture at Apple, said in a tweet.
Through Lockdown Mode, devices will disable certain features, blocking:
- Most message attachments, beyond images.
- Some complex web technologies, including just in time (JIT) JavaScript compilation, unless the user excludes a specific website from Lockdown Mode.
- FaceTime calls and other incoming services and requests if the user hasn’t sent a prior request.
- Configuration profiles can’t be installed and the device can’t be enrolled in Mobile Device Management while Lockdown Mode is on.
Mobile security experts called the technology somewhat of a breakthrough in combating spyware.
“It reinforces the reality that mobile devices are susceptible targets for malicious actors,” Richard Melick, director of threat reporting for Zimperium. “That said, it falls on iPhone owners to enable the new capability.”
Melick said spyware is just one of several threats that enterprises need to protect their physical and digital assets from. Both iOS and Android devices can become targets, he said.
However, Christoph Hebeisen, director of security intelligence research at Lookout, said the mode does not reduce the attack surface of third-party apps installed on a mobile device, unless those apps implement separate lockdown features.
Lookout researchers previously collaborated with Citizen Lab to investigate the use of spyware against dissidents.