Apple Launches Lockdown Mode To Protect Its OSes Against Cyber Attacks
Apple is previewing a ground-breaking security feature that gives specific additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware. Apple is also disclosing details of a $10 million grant to support research uncovering such threats.
Apple unveiled two programs today to assist in defending customers who may be specifically targeted by some of the most cutting-edge cyberthreats, such as those from private organizations creating state-sponsored mercenary spyware. Apple Lockdown Mode is an extreme, optional kind of protection for the extremely small percentage of customers who are subject to serious, targeted threats to their digital security. It is the first major capability of its kind and will be released this autumn with iOS 16, iPadOS 16, and macOS Ventura. Apple also provided information on the $10 million cybersecurity fund it established in November, which would help civil society organizations that study and advocate against the threat posed by mercenary spyware.
The most secure mobile devices are those made by Apple. Ivan Krstić, Apple’s head of Security Engineering and Architecture, called Lockdown Mode “a ground-breaking feature that demonstrates our steadfast commitment to protecting consumers from even the rarest, most sophisticated assaults.” Even though the vast majority of users will never fall prey to highly targeted cyberattacks, we will do all in our power to defend the small percentage of people who do. This entails continuing to devise safeguards tailored for these users and supporting academics and organizations working tirelessly to expose mercenary firms behind these cyberattacks.
For the extremely few individuals who may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other commercial organizations creating state-sponsored mercenary malware, Lockdown Mode offers an extreme, discretionary level of security. Apple Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura substantially reduces the attack surface that might be exploited by highly targeted mercenary spyware by strengthening device protections and rigidly limiting some functionality.
The following security features are present in Lockdown Mode at launch:
• Messages: All attachment types other than photos are restricted. Link previews are among the functions that are deactivated.
• Web browsing: Unless the user excludes a trusted site from Lockdown Mode, some advanced web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled.
• Apple services: Incoming invitations and service requests, including FaceTime calls, are denied unless the user has previously made a call or sent a request to the initiator.
• Wired connections: When the iPhone is locked, wired connections to a computer or device are disabled.
• When Lockdown Mode is activated, configuration profiles cannot be deployed and the device cannot be enrolled in mobile device management (MDM).
Apple will gradually strengthen Lockdown Mode and add more safeguards to it. To solicit input and cooperation from the security research community, Apple has also created a new category inside the Apple Security Bounty program to reward researchers who discover Lockdown Mode bypasses and help strengthen its defenses. Rewards are doubled for eligible Lockdown Mode discoveries, up to a maximum bounty payout of $2,000,000, which leads the industry.
Along with any monetary awards from the lawsuit brought against NSO Group, Apple is also donating $10 million to groups that investigate, reveal, and stop highly targeted assaults, including those made by commercial corporations producing state-sponsored mercenary spyware. The contribution will be given to the Ford Foundation’s Dignity and Justice Fund, which was created to aggregate philanthropic resources to promote social justice globally. The Ford Foundation is a private foundation dedicated to furthering equity worldwide. The New Venture Fund is a 501(c)(3) public charity, and The Dignity and Justice Fund is one of its fiscally funded initiatives.
The director of the Ford Foundation’s Technology and Society program, Lori McGlinchey, stated that “the worldwide spyware trade targets human rights defenders, journalists, and dissidents; it encourages violence, perpetuates authoritarianism, and supports political repression.” The Ford Foundation is honored to assist this outstanding effort to help civil society research and advocacy efforts to thwart mercenary spyware. We must expand on Apple’s commitment, therefore we extend an invitation to businesses and donors to contribute to the Dignity and Justice Fund and provide more funding for our joint effort.
The Dignity and Justice Fund anticipates disbursing its first funds in late 2022 or early 2023. These payments will initially go toward strategies that aim to reveal mercenary malware and safeguard possible targets, such as:
• Increasing field coordination and organizational capability for existing and emerging civil society cybersecurity advocacy groups.
• Assisting in the creation of standardized forensic techniques that adhere to evidentiary requirements to find and prove spyware penetration.
• Enabling civil society to collaborate more successfully with device makers, software developers, commercial security organizations, and other pertinent businesses to pinpoint and fix vulnerabilities.
• Raising awareness of the worldwide mercenary spyware market among investors, journalists, and policymakers.
• Increasing the ability of human rights defenders to spot and stop spyware assaults, including security audits for organizations with particularly serious network security risks.
An impartial, international Technical Advisory Committee will provide guidance on The Dignity and Justice Fund’s grant-making strategy to investigate, monitor, and hold the advanced cyber weapons trade accountable. Initial participants are:
• Daniel Bedoya Arroyo, an analyst at Access Now’s digital security service platform
• Ron Deibert, a political science professor at the University of Toronto’s Munk School of Global Affairs & Public Policy and the head of the Citizen Lab
• Paola Mosso, co-deputy director of The Engine Room
• Rasha Abdul Rahim, Amnesty International’s director of Amnesty Tech
• Ivan Krstić, head of Apple Security Engineering and Architecture
Ron Deibert, the director of the Citizen Lab, a research group at the University of Toronto, stated that there is “now undeniable evidence from the research of the Citizen Lab and other organizations that the mercenary surveillance industry is facilitating the spread of authoritarian practices and massive human rights abuses worldwide.” I commend Apple for creating this crucial funding, which will send a clear statement and support independent researchers and advocacy groups that hold mercenary spyware vendors accountable for the harms they are causing to innocent individuals.