
Apple’s new iPhone lockdown mode fights hacking and spyware

This story is part of Focal Point iPhone 2022, CNET’s collection of news, tips and advice about Apple’s most popular product.

What is happening

Apple will offer a new “Lockdown Mode” for its iPhones, iPads and Mac computers. It is designed to combat advanced hacking and targeted spyware such as NSO Group’s Pegasus.

Why it matters

Although these attacks happen to a small group of people, the threat is growing. Pegasus has been used by repressive governments to spy on human rights activists, lawyers, politicians and journalists. Apple says it has identified similar attacks targeting people in 150 countries over the past eight months.

What next

Apple will release Lockdown Mode for free later this year and has made a public commitment to regular updates and improvements. The company also expanded its bug bounties and created a grant to encourage further research on the issue.

For years, Apple has touted its iPhones, iPads and Macs as the most secure and privacy-focused devices on the market. On Wednesday, it bolstered those efforts with a new feature coming this fall called Lockdown Mode, designed to combat targeted hacking attempts like the Pegasus malware that oppressive governments have reportedly used against human rights activists, lawyers, politicians and journalists. Apple also announced a $10 million grant and up to a $2 million bug bounty to encourage further research into this growing threat.

The tech giant said Lockdown Mode is designed to enable “extreme” protections on its phones, such as blocking attachments and link previews in messages, potentially hackable web browsing technologies and incoming FaceTime calls from unknown numbers. Apple devices also won’t accept accessory connections unless the device is unlocked, and people can’t install new software to remotely control the devices while in Lockdown Mode. The new feature is already available in test software being used by developers this summer and will be released to the public for free in the fall as part of iOS 16, iPadOS 16 and MacOS Ventura.

“While the vast majority of users will never be victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Ivan Krstic, Apple’s head of security and architecture, said in a statement. “Lockdown Mode is an innovative capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks.”

Apple designed Lockdown Mode to be easy to turn on through the Settings app on its devices.


Along with the new Lockdown Mode, which Apple calls an “extreme” measure, the company announced a $10 million grant to the Dignity and Justice Fund, created by the Ford Foundation to support human rights and the fight against social repression.

The company’s efforts to improve the security of its devices come at a time when the tech industry is increasingly facing targeted cyberattacks from oppressive governments around the world. Unlike widespread ransomware or virus campaigns, which are often designed to spread indiscriminately, as far and as fast as possible, through homes and corporate networks, attacks like those using Pegasus are designed to quietly gather intelligence.

People need to reboot their devices before Lockdown Mode will turn on.


Last September, Apple sent out a free software update targeting Pegasus and then sued NSO Group in an attempt to prevent the company from developing or selling more hacking tools. It also started sending “Threat Alerts” to potential victims of these hacking tools, which Apple calls “spyware for hire.” The company said that while the number of people targeted by these campaigns is very small, it has notified people in about 150 countries since November.

Other tech companies have also expanded their approach to security in recent years. Google has an initiative called Advanced Account Protection designed for “anyone at increased risk of targeted online attacks” by adding extra layers of safety to logins and downloads. Microsoft is increasingly working to do away with passwords.

Apple said it plans to expand Lockdown Mode over time and announced a bug bounty of up to $2 million for people who find security holes in the new feature. For now, it’s mainly designed to disable computer features that might be useful but open people up to potential attacks. This includes turning off some fonts, link previews, and incoming FaceTime calls from unknown accounts.

Apple representatives said the company has strived to find a balance between usability and extreme protections, adding that the company is publicly committed to strengthening and improving the feature. In the latest iteration of Lockdown Mode, which is being sent to developers in an upcoming test software update, apps that display web pages will follow the same restrictions that Apple’s apps follow, although people can pre-approve some websites to bypass Lockdown Mode if necessary. People using Lockdown Mode will also need to unlock their device before it can connect to accessories.

Encourage more research

In addition, Apple said it hopes a planned $10 million grant to the Dignity and Justice Fund will help encourage more research into these issues and expand training and security audits for people who may be targeted.

“Every day we see these threats expand and deepen,” said Lori McGlinchey, director of the Ford Foundation’s Technology and Society program, which is working with technical advisers, including Apple’s Krstic, to help guide the fund. “In recent years, state and non-state actors have used spyware to track and intimidate human rights defenders, environmental activists and political dissidents in nearly every region of the world.”

Ron Deibert, political science professor and director of the Citizen Lab cybersecurity research group at the University of Toronto’s Munk School of Global Affairs and Public Policy, said he expects Apple’s Lockdown Mode to be a “big blow” to spyware companies and governments that rely on their products.

“We’re doing our best, along with a number of investigative journalists working on that beat, but that’s it, and it’s a huge asymmetry,” he said, adding that Apple’s $10 million grant will help attract more work on this problem. “You have a huge industry that is very lucrative and almost entirely unregulated, profiting from huge contracts from governments that have an appetite to engage in this kind of espionage.”