Apple announces Lockdown Mode to fight state-sponsored spyware
After marketing iPhones, iPads and Macs as the most secure and privacy-focused devices on the market, Apple has gone a step further with a new feature: Lockdown Mode. Coming this fall, the feature is designed to fight targeted hacking attempts like the Pegasus malware, which has been used on human rights workers, lawyers, politicians and journalists.
The company said it will release the new feature in test versions of its operating systems shortly, while full distribution will happen in the fall as part of iOS 16 for iPhones, as well as the operating systems for iPads and Mac computers.
At launch, Lockdown Mode will include the following protections:
Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
When iPhone is locked: Wired connections with a computer or accessory are blocked when iPhone is locked.
While the Mode is turned on: Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM).
“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstic, Apple’s head of security engineering and architecture, in a statement. “That includes continuing to design defenses specifically for these users, as well as supporting researchers and organisations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”
Apple has announced a $10 million grant to the Dignity and Justice Fund, which was established by the Ford Foundation, to help support human rights and fight social repression. Also, the company says it’s doubling the bounty for “qualifying findings” in Lockdown Mode to $2 million, which it says is the highest maximum bounty payout in the industry. Further, Apple says any damages it’s awarded from a lawsuit filed last fall against NSO Group will be added to a $10 million grant to support organisations that “investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware”.
Israeli company NSO Group has claimed that it limits its buyers to governments and authorises the use of its Pegasus spyware only against terrorists and criminals, but the spyware was found on a phone belonging to the wife of killed Washington Post contributing columnist Jamal Khashoggi, as well as on those of several politicians, activists and journalists around the world.
Other tech companies have also expanded their security measures. Google has an initiative called Advanced Account Protection, designed for “anyone who is at an elevated risk of targeted online attacks” by adding extra layers of safety to logins and downloads, while Microsoft has been working towards ways to dump passwords.