Canada

Apple Lock Mode: Why there’s a new level of security for your iPhone

This story is part of Focal Point iPhone 2022, CNET’s collection of news, tips and advice about Apple’s most popular product.

What is happening

Apple will offer a new “Lock Mode” for its iPhones, iPads and Mac computers this fall. It is designed to combat advanced hacking and targeted spyware such as NSO Group’s Pegasus.

Why it matters

With this move, Apple is somehow acknowledging that the threat is serious and growing. Pegasus has been used by repressive governments to spy on human rights activists, lawyers, politicians and journalists.

What next

Cybersecurity watchers believe Apple could push customers and competitors to take stronger security positions. Ultimately, the way we all use technology may have to change.

Three years ago, Apple released an ad in Las Vegas showing the back of one of its devices with the phrase “What happens on your iPhone, stays on your iPhone.” It was a bold, if cheeky, statement. But Apple is increasingly dealing with it.

The tech giant is stepping up its commitments to privacy and security with a series of new features that cybersecurity experts say are more than just a feature to differentiate its products from Samsung gadgets and other devices powered by Google’s Android OS. Instead, Apple’s actions have made waves in the advertising world and upset government officials — signs, technology watchers say, that Apple is making good on its promises.

That’s why many cybersecurity experts took note of Apple’s lockdown mode when it was unveiled last Wednesday. The feature is designed to enable “extreme” protections for the company’s iPhones, iPads and Macs. Among them, Apple’s Lock Mode blocks link previews in the Messages app, turns off potentially hackable web browsing technologies, and stops all incoming FaceTime calls from unknown numbers. Apple devices also won’t accept connecting accessories unless the device is unlocked.

Apple’s cheeky Las Vegas ad in 2019

CNET

Of the roughly 2 billion active devices around the world, Apple said few would actually need to turn on the feature. But cybersecurity experts say these types of extreme measures may need to become more common as governments around the world expand their reach while increasing the frequency of their attacks.

Just in the last week, the FBI and Britain’s MI5 intelligence agency took the rare step of issuing a joint warning about the “enormous” threat Chinese spies pose to “our economic and national security” and that their hacking program is “bigger than any other major country combined.” Other government agencies have issued similar warnings about hacking by other adversaries, including Russia, which the US Office of the Director of National Intelligence said in 2017 targeted think tanks and lobbying groups in addition to government and political parties.

And unlike widespread ransomware or virus campaigns, which are often designed to spread as quickly as possible, targeted attacks are often designed to quietly gather information that can lead to stolen technology, exposed government secrets, and more.

People are used to the convenience without understanding the problems.

Susan Landau, Tufts University

Apple itself said last week that it had tracked targeted hacking attempts against people in nearly 150 countries over the past eight months. Apple has already started a program to alert people when they might be targeted. When Lockdown Mode rolls out in the fall, cybersecurity experts say, it will represent an escalation on Apple’s part, especially since the feature will be available to anyone who wants to turn it on.

“There have been a number of attempts over the years to make highly secure devices, and it’s great to have these things and get them out there, but we haven’t seen widespread adoption,” said Kurt Opsal, deputy executive director and general counsel at the Electronic Frontier Foundation, which advocates for privacy and other civil liberties in the digital world. And while Opsahl believes an up-to-date phone is probably good enough for the average person, he said any way Apple can raise the cost of hacking a phone helps protect devices.

“Make no mistake, Lockdown Mode is going to be a big hit,” said Ron Deibert, professor of political science and director of the Citizen Lab for cybersecurity researchers at the University of Toronto.

Angela Lang/CNET

A change is coming

Much of Apple’s approach to cybersecurity can be traced back to 2010, when company co-founder Steve Jobs discussed his vision for privacy on stage at the D8 conference.

“Privacy means people know what they’re signing up for, in plain English, and repeatedly,” Jobs said. “Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of you asking them. Let them know exactly what you’re going to do.”

It was a departure from other Internet giants, such as Facebook, whose co-founder Mark Zuckerberg was listening in the audience. Google, Facebook, and Amazon largely make their money through targeted advertising, which is often at odds with users’ privacy. After all, the more targeted the ad, the more relevant and effective it is.

Apple, by comparison, makes little of its money from ads. Instead, iPhones, iPads and Mac computers accounted for more than 70% of its sales last year, adding up to a total of more than $259 billion.

Accordingly, Apple offers default security features to all its users. When people first download Facebook and start using it on their phone, they are quickly greeted with pop-ups asking if they want to give the app access to their microphone or camera.

Apple ultimately makes the easiest possible choice about security and privacy.

Jeff Pollard, Forrester

Last year, Apple went a step further by asking if people wanted to stop companies from tracking them on websites and apps, a feature Apple calls App Tracking Transparency. Surveys show that almost all people say they don’t want to be tracked, a move that Facebook owner Meta said has significantly hurt its finances, costing it up to $10 billion in lost sales this year. “This is a significant headwind that we have to work our way through,” Meta Chief Financial Officer David Wenner said in February.

But effectively offering a whole new iPhone mode is a whole new approach. When people enable Lock Mode on their device by flicking a switch in the Settings app, it must reboot – effectively loading a new set of codes and rules under Apple’s “extreme” security measures.

“Apple is ultimately making the easiest possible choice about security and privacy,” said Jeff Pollard, a Forrester analyst who focuses on cybersecurity and risk. Pollard said this approach offers an opportunity for Apple to test the waters between usability and security while fulfilling its promise to continually improve Lockdown Mode over time. “We have to make it easier so our opponents have to try harder.”

James Martin/CNET

Future security

Lockdown Mode may be one of Apple’s most significant security moves to date, but the company still has a long way to go. Craig Federighi, Apple’s senior vice president and head of software, testified in court last year that his company’s Macs face a “significantly bigger problem with malware” than its iPhones, iPads and other devices.

“Today we have a level of malware on the Mac that we don’t find acceptable,” Federighi said during testimony defending Apple in a lawsuit against Fortnite maker Epic Games. Each week, Apple identifies several pieces of malware on its own or with the help of third parties, he said at the time, and uses built-in systems to automatically remove malware from customers’ computers. However, the nasty programs are still spreading. In the year ending last May, Federighi said, Apple battled 130 types of Mac malware, and just one program infected 300,000 systems.

Lockdown mode doesn’t directly address widespread malware problems, but it could end up forcing hackers to devote even more time and resources to finding security holes they can exploit.

“Something has to be done,” said Betsy Sigman, distinguished professor emeritus at Georgetown University’s McDonough School of Business.

Privacy means people know what they’re signing up for, in plain English, and repeatedly.

Apple co-founder Steve Jobs in 2010

A troubling issue for Sigman is that malware developers can…