Apple has announced a new “lock mode” for iPhone, iPad and Mac to protect against Pegasus-style cyberattacks.
Lockdown mode is an optional protection for users who face “serious, targeted threats to their digital security,” such as journalists and activists, Apple said.
When a device is in lock mode, apps, websites and features are restricted for security reasons and others are completely disabled.
For example, most types of message attachments in the Messages app other than images are blocked, and other features such as link previews are disabled.
Incoming invitations and requests for services, including FaceTime calls, are blocked if the user has not previously sent a call or request to the initiator.
The new mode also blocks access to the iPhone when it’s connected to a computer or accessory.
Lockdown Mode will be released this fall with iOS 16, the tech giant’s new software update announced last month.
Lockdown Mode will be released this fall with iOS 16, the tech giant’s new software update
ENABLE LOCK MODE
– On iOS, go to Settings
– Tap “Privacy & Security”
– Tap “Lock Mode”
– Select “Turn on Lock Mode”
(Lock Mode will be available in iOS 16)
Apple said Lockdown Mode is an “extreme” and “optional” protection for the “very small number of users who face serious, targeted threats to their digital security.”
It offers protection to consumers at risk of cyberattacks from private companies that develop state-sponsored “spyware” – software that steals information from a device.
Spyware is a specific type of malicious software (malware) that steals information from a computer and sends it to a third party without the person’s knowledge.
An example of this is the Pegasus spyware, which has already been used by governments to spy on world leaders, politicians, journalists, activists and dissidents and other high-profile figures.
Made by Israeli firm NSO Group, Pegasus is a powerful tool that allows its operator to hack into a target’s phone and wipe its contents, including messages, contacts and location history.
Among those targeted by Pegasus are Hanan Elatr, the wife of Saudi-born Washington Post journalist Jamal Khashoggi, who was killed by a Saudi punitive squad in 2018, and Rula Khalaf, editor of the Financial Times.
“Lockdown Mode is an innovative capability that reflects our unwavering commitment to protecting users from even the rarest and most sophisticated attacks,” said Ivan Krastic, Apple’s head of security engineering and architecture.
“While the vast majority of users will never be victims of highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are.”
Apple said Lockdown Mode is an extreme” and optional protection for the “very small number of users who face serious, targeted threats to their digital security.”
Israeli firm NSO’s Pegasus spyware has already been used by governments to spy on journalists, activists and dissidents (file photo)
LOCK MODE CHARACTERISTICS
At startup, lock mode includes the following:
– Messages: Most types of message attachments other than images are blocked. Some features, such as link previews, are disabled.
– Web browsing: Some complex web technologies, such as just-in-time (JIT) compilation of JavaScript, are disabled unless the user excludes a trusted site from lockdown mode.
– Apple services: Incoming invitations and requests for services, including FaceTime calls, are blocked if the user has not previously sent a call or request to the initiator.
– Cable connections to a computer or accessory are blocked when iPhone is locked
– Configuration profiles cannot be installed and the device cannot be registered in mobile device management.
“This includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world who are doing critically important work in uncovering the mercenary companies that create these digital attacks.”
The Apple giant listed five Lockdown Mode features available at launch, but said it will continue to improve the tool over time with additional features.
It will also reward researchers who find flaws in the lock mode, which will help make it more resilient and better protect users.
The tech firm said it is doubling the security rewards it is offering to researchers who find vulnerabilities in the lockdown mode – to $2m (£1.7m), the highest maximum reward payout in the industry.
Ron Deibert, director of the Citizen Lab at the University of Toronto, said there is “irrefutable evidence” that the mercenary surveillance industry facilitates the spread of “authoritarian practices and massive human rights abuses.”
“I applaud Apple for establishing this important grant, which will send a strong message and help support independent researchers and advocacy organizations that hold spyware vendors accountable for the harm they inflict on innocent people,” he said.
Christoph Hebeson, director of security intelligence research at San Francisco-based Lookout, said Lockdown Mode will not reduce the “attack surface” of third-party apps unless those apps also implement separate blocking measures.
In addition, the functionality and performance of the user’s device may be limited in locked mode.
“This may be a trade-off that some users may be willing to accept for a while, but the inconvenience will create an incentive to disable the lock mode,” Hebeson said.
Apple also announced it is funding a $10m (£8.4m) grant to support organizations that investigate, detect and prevent cyber attacks and more targeted spyware attacks.
The grant is awarded to the Dignity and Justice Fund, which was created and is advised by the Ford Foundation, an organization that aims to promote justice worldwide.
PEGASUS: HOW THE POWERFUL SPYWARE USED TO HACK JOURNALISTS WORKS
Pegasus is a powerful piece of “malware” – malicious computer software – developed by Israeli security firm NSO Group.
This particular form of malware is known as “spyware,” meaning it is designed to collect data from an infected device without the owner’s knowledge and forward it to a third party.
While most spyware is limited in scope – collecting data only from certain parts of an infected system – Pegasus appears to be much more powerful, allowing its controller almost unlimited access to and control over an infected device.
This includes access to contact lists, emails and text messages, along with stored photos, videos and audio files.
Pegasus can also be used to take control of a phone’s camera or microphone to record video and audio, and access GPS data to verify where the phone’s owner has been.
It can also be used to record new incoming or outgoing phone calls.
Early versions of the virus infected phones using crude “phishing” attacks, where users are tricked into downloading the virus to their own phones by clicking on a malicious link sent via text or email.
But researchers say the software has become much more sophisticated, exploiting vulnerabilities in common phone apps to launch so-called zero-click attacks that can infect devices without the user doing anything.
For example, in 2019 WhatsApp revealed that 1,400 people had been infected by NSO Group software using a so-called zero-day bug – a previously unknown bug – in the app’s calling feature.
Users were infected when a WhatsApp call was made to their phones, regardless of whether they answered the call or not.
More recently, NSO began exploiting vulnerabilities in Apple’s iMessage software, giving it access to hundreds of millions of iPhones.
Apple says it is constantly updating its software to prevent such attacks, although human rights group Amnesty claims it has found successful attacks on even the most up-to-date iOS systems.
NSO Group says Pegasus can also be installed on devices using wireless transceivers located near the target, or can be run directly on the device if it is stolen first.
Add Comment