United Kingdom

Apple to launch ‘block mode’ to protect against Pegasus-style hacks | Data and computer security

Apple is rolling out a “lockdown mode” for its devices to protect people – including journalists and human rights activists – targeted by hacking attacks like those launched by NSO Group’s government clients using its Pegasus spyware.

Apple will roll out the tweak in the fall and believes it would have prevented known spyware attacks by closing technical avenues for digital espionage. It says the lockdown mode is intended for users who face “serious, targeted threats to their digital security.”

The news is a sign of how the proliferation of mercenary spyware, or tools that can be used by government customers to hack into any phone and remotely control it, has become a major business problem for Apple and other phone makers.

While for years Apple has appeared to play down the threat to its customers from Pegasus and other spyware, including emphasizing that such hacking attacks affect relatively few users, supporters of the company’s latest move say the new feature acknowledges the seriousness of the threat.

Protections offered by Lock Mode include blocking most message attachments, blocking incoming FaceTime calls if the user has not previously called the originator or sent a call request, and blocking access to the iPhone when connected to computer or accessory when it is locked .

Ron Deibert, founder and head of the Citizen Lab at the University of Toronto’s Munk School, said the new setup would “definitely” make it more challenging for clients of NSO Group and other companies to successfully target individuals, and compared it to the introduction of two-factor authentication.

“In other words, it’s introducing some kind of security measure that reduces functionality and user experience in exchange for security. And … hopefully other platforms would do something similar,” Deibert said. “We’ve seen major technology platforms begin to address the threats posed by the mercenary spyware industry. We certainly applaud and welcome that.”

He added that if the new setting is adopted by users, it will “completely reduce the possibility of getting inside and exploiting some kind of loophole in apps or other pieces of software” that make it possible for spyware like Pegasus to infect a phone.

When an iPhone or other phone is infected with Pegasus, the user of the spyware can effectively take over that phone, gaining access to messages, photos, and location. The software can even turn the phone into a remote eavesdropping device.

Apple does not disclose the number of its users subjected to Pegasus-style hacks, but its devices have been the victims of highly targeted attacks in 150 countries. Pegasus is a hacking program developed and licensed to governments around the world by NSO Group, an Israeli company. It can infect phones running iOS or Android, and can be delivered through “zero-click” attacks that don’t require any interaction with the phone’s owner to gain access to the device.

Sign up for First Edition, our free daily newsletter – every weekday morning at 7am BST

Apple, which is suing NSO in the US, said the new regime is designed for users at risk of being attacked by some of the “most sophisticated digital threats, such as those from the NSO Group and other private companies developing state-sponsored spyware for mercenaries. ” He describes the mode — which will come with iOS 16, iPadOS 16 and macOS Ventura in the fall — as an optional measure for “a very small number of users.”

Apple is offering a $2m (£1.7m) reward to anyone who finds a way around the new setting. He also announced a $10 million grant to the Dignity and Justice Fund, a funding initiative created by the Ford Foundation to help it detect and investigate targeted cyberattacks.

NSO said it investigates all credible allegations of abuse against its government customers and that its spyware is only intended to be used to target serious criminals such as pedophiles and terrorists.