An apple
Spyware for hire is one of the most difficult threats to combat. It targets an infinitesimal percentage of the world, making it statistically unlikely for most of us to see it. Yet because it selects only the most powerful individuals (think diplomats, political dissidents, and lawyers), the sophisticated malware that private companies sell to nation-state governments has a devastating effect far out of proportion to the small number of people it infects.
This puts device and software manufacturers in a difficult position. How do you build something to protect what’s probably well under 1 percent of your user base against malware created by companies like NSO Group, maker of click-less exploits that instantly turn fully updated iOS and Android devices into sophisticated listening devices.
No security snake oil here
Apple on Wednesday previewed an ingenious option it plans to add to its flagship operating systems in the coming months to counter the threat of mercenary spyware. The company has been upfront—almost in your face—that Lock Mode is an option that will degrade the user experience and is only intended for a small number of users.
“Lockdown mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, can be personally attacked by some of the most sophisticated digital threats, such as those from NSO Group and other private companies, developing state-sponsored spyware for mercenaries,” the company said. “The inclusion of Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further strengthens device security and tightly restricts certain functionalities, sharply reducing the attack surface that can potentially be exploited by highly targeted mercenary spyware.”
As Apple says, Lockdown mode disables all kinds of protocols and services that work normally. Just-in-time JavaScript—an innovation that speeds up performance by compiling code on the device at runtime—won’t work at all. This is likely a defense against the use of JiT-spraying, a common technique used in malware exploitation. While in lock mode, devices also cannot enroll in what is known as mobile device management, used to install special software specific to the organization.
Advertising
The full list of restrictions is:
- Messages: Most types of message attachments other than images are blocked. Some features, such as link previews, are disabled.
- Web surfing: Some complex web technologies, such as just-in-time (JIT) compilation of JavaScript, are disabled unless the user excludes a trusted site from lockdown mode.
- Apple Services: Incoming invitations and requests for services, including FaceTime calls, are blocked if the user has not previously sent a call or request to the initiator.
- Cable connections to a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed and the device cannot be registered with Mobile Device Management (MDM) while the lock mode is on.
It’s helpful that Apple is upfront about the extra friction that Lockdown adds to the user experience, because it underscores what any security professional or hobbyist knows: Security always comes at a trade-off for usability. It’s also encouraging to hear that Apple plans to allow users to list the sites that are allowed to serve JIT JavaScript while in lockdown mode. Fingers crossed Apple can enable a similar whitelist of trusted contacts.
Lockdown mode is a big deal for many reasons, not the least of which is that it comes from Apple, a company that is hypersensitive to customer perception. Officially admitting that its customers are vulnerable to the scourge of mercenary spyware is a big step.
But the move is great because of its simplicity and concreteness. No security snake oil here. If you want better security, learn to do without the services that pose the biggest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling victims of NSO spyware, said Lockdown Mode provides one of the first effective courses for vulnerable people to follow, short of turning off devices entirely you are
“When you let users know they’ve been targeted by sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?'” he wrote.’ “We haven’t had a lot of great, honest responses that really make an impact. Hardening a consumer phone is truly unattainable.”
3/There is a common mental barrier among major platform and operating system developers around the inclusion of high security features.
Many unavoidable considerations such as:
– Poorer user experience (especially compared to the competition!) – Broken features – More resources needed for customer support, etc.
— John Scott-Railton (@jsrailton) July 6, 2022
Now that Apple has opened the door, it’s inevitable that Google will follow suit with its Android OS, and it wouldn’t be surprising to see other companies join in as well. It may also start a useful discussion in the industry to expand the approach. If Apple is going to allow users to disable unwanted messages from strangers, why can’t it provide an option to disable the built-in microphone, camera, GPS, or cellular capabilities?
One thing everyone should know about Lock Mode, at least as described by Apple on Wednesday, is that it doesn’t stop your device from connecting to cellular networks and broadcasting unique identifiers like IMEI and ICCID. This is not a criticism, just a natural limitation. And compromises are a major part of security.
So if you’re like most people, you’ll never need Lockdown mode. But it’s great that Apple will offer it because it will make us all safer.
Add Comment