When iOS 16 debuts in the fall, it will include a new set of security features known collectively as Lockdown Mode that Apple describes as “an extreme, optional level of security.” The features are designed to remove much of the attack surface that highly skilled attackers, such as NSO Group and others who sell commercial spyware to government actors, use to compromise iPhones.
Lockdown Mode is specifically intended for high-risk user groups, such as activists, journalists and political dissidents, and will severely limit the functionality of iPhones when enabled. Among other things, Lockdown Mode will block most attachments in Messages, disable JIT and other web technologies, prevent configuration profiles from being installed, and block wired connections to computers or accessories when the phone is locked. Users will be able to enable Lockdown Mode themselves, but they won’t be able to enable and disable individual features that are part of the new security suite.
“While the vast majority of users will never fall victim to highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are. This includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world who are doing critical work to expose the mercenary companies that create these digital attacks,” said Ivan Krstic, head of security engineering and architecture at Apple.
The pool of companies selling high-quality, custom spyware tools is relatively small, but the effects they have on the people their products target are profound. The targets are often dissidents or activists in authoritarian countries, journalists, social activists and others who cause discomfort for the governments that buy these tools.
Security researchers at Citizen Lab have uncovered widespread use of Pegasus spyware sold by NSO Group in many countries, including the UK, Bahrain, Jordan and others, and in many cases the victims of these attacks were compromised via their mobile devices. Some of these hacks involved new exploits against previously unknown vulnerabilities in iOS, often via text messages. Lockdown Mode is meant to take as many of these attack vectors off the table as possible, and researchers say it’s an important step forward, not just for users at risk, but for the larger user population as well.
“Using Lockdown Mode is like dismissing assault charges. It won’t stop you from being vulnerable to anything. It’s important that major operating system developers move to provide better protection to users,” said John Scott-Railton, senior researcher at the Citizen Lab at the University of Toronto’s Munk School. “It’s also a toe dip and it’s important that the big platforms have higher security features. Sometimes the thinking is that more security can provide more friction, but users like these features. This is the first step towards embedding the best protection. There is a collective action problem. If companies are competing with each other, they are sometimes reluctant to add features that might push users to their competitors. But this is an important move.”
Many of the technologies and features that have had the biggest impact on improving web security started out as tests or features designed for small groups of people. One example is the use of HTTPS, which browser vendors first encouraged, then made optional, and eventually made the default connection mode. Now, almost all traffic on major platforms is encrypted.
“When you grow, it’s like an antibiotic, it’s like you have all the bacteria? Or all threats? It makes the next big step easier,” Scott-Railton said.
And while Lockdown Mode is expressly intended for people at high risk of being targeted by commercial spyware or other advanced threats, the benefits will accrue to everyone eventually. “High-risk users should also mean people who run banks, celebrities, well-known crypto investors. Anyone at a high threat level,” Scott-Railton said. “Many features provide a road map to better security for everyone.”