With targeted spyware and cybersecurity threats on the rise, Apple is pulling out all the stops to ensure that the most at-risk iPhone users will have as much protection as possible in iOS 16.
Although iOS has always been designed with a high level of security, an increasing number of state-sponsored “mercenary spyware” tools such as Pegasus have proven skillful at circumventing many of the built-in protections. No sooner does Apple shore up security in a critical iOS update than the hackers behind these tools find another way in.
Apple has been playing a cat-and-mouse game with these companies for several years, but it’s becoming clear that this may not be a battle that can be won through conventional means. Companies behind tools like Pegasus and Predator cater to many foreign governments and therefore have vast resources available to them that can give even the three-trillion-dollar Apple a run for its money.
These military-grade spyware tools aren’t something to be taken lightly, either. Pegasus is dangerous enough to have infected the iPhones of U.S. State Department officials, and it’s such a severe problem that Apple has brought legal action against its developer, NSO Group, in an attempt to litigate the company out of existence.
However, even if Apple succeeds in its case against NSO Group, it won’t solve the bigger problem. NSO Group may fall, but there will be countless others ready to take its place.
The real problem is that security has always necessitated a tradeoff with usability. To put it in simple terms, you can build a very secure building if nobody ever needs to enter it. However, as soon as you install a door, you’ve provided a way in, and now you have to manage that access point. The higher the security against unauthorized entry, the more cumbersome it is for legitimate users.
The same applies to using the iPhone. There’s always been a limit to how far Apple can go. If it expects ordinary folks to buy an iPhone, it can’t enforce 32-character passwords with five-finger biometric authentication and retina scans. Nor does Apple want to inconvenience the vast majority of iPhone users by limiting what websites they can visit, what apps they can install, or who they can exchange messages with.
However, with a higher-than-acceptable number of iPhone users falling victim to sophisticated professional spyware, Apple has decided that enough is enough, and it needs to do something more to protect these users.
To that end, Apple has announced a new extreme Lockdown Mode coming in iOS 16 that will put the iPhone into the highest security mode possible without powering it down.
The idea behind Lockdown Mode is similar to Google’s Advanced Protection Program (APP) in that it’s designed to meet the higher security needs of a relatively small group of customers. In Google’s case, the Advanced Protection Program protects folks like journalists and activists who may become the targets of attacks against their online accounts such as Gmail or Google Drive.
Apple’s Lockdown Mode is intended to serve a similar audience, except that in this case, it’s not about protecting online accounts from hackers but rather the iPhone in your hand against military-grade spyware.
“Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks. While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”
Ivan Krstić, Apple’s head of Security Engineering and Architecture
How Lockdown Mode Will Work
Apple’s new Lockdown Mode will be like wrapping your iPhone up in a suit of armor. It will limit many of the normal functions of the iPhone and even turn some features off to make security the absolute number one priority.
Lockdown Mode secures things on such a fundamental level that you’ll need to restart your iPhone after enabling it. This ensures that the safety provisions it offers take effect at the lowest level of the operating system, starting from boot and the kernel.
While Apple plans to improve Lockdown Mode further, here are some of the things that your iPhone won’t be able to do in this mode:
- Almost all attachments in Messages will be blocked other than images.
- Link Previews in Messages will be disabled to prevent malicious code from loading in the background.
- All Shared Albums will be removed from the Photos app, and you won’t be able to receive invitations to new Shared Albums.
- Incoming invitations from Apple services such as iMessage and FaceTime are blocked from anybody you haven’t already sent a message to or called previously.
- All wired connections with a computer or accessory are blocked. This includes syncing with a computer or even connecting to CarPlay. Basically, the Lightning port is shut down for everything except charging.
- Configuration profiles and Mobile Device Management (MDM) profiles cannot be installed.
These restrictions are a hardline approach designed to close off the most common attack vectors used by sophisticated targeted spyware tools. For example, rather than simply closing individual loopholes that let malicious code through in Messages, the new Lockdown Mode will prevent any code from running in the Messages app at all.
Likewise, disabling data communications over the Lightning port will render devices like the GrayKey box completely unusable against locked-down iPhones and protect users from compromised Lightning cables.
Configuration Profiles and Mobile Device Management systems are often used to gain a higher level of access to an iPhone. That’s fine when it’s your employer managing a company-issued iPhone, but it’s not so great when a hacker manages to install an MDM profile without your knowledge.
Apple Will Pay $2 Million to Anyone who Can Bypass Lockdown Mode
Apple is also putting its money where its mouth is. Not only will Lockdown Mode make an iPhone more secure out of the gate, but Apple plans to engage security researchers in a big way to ensure that Lockdown Mode remains tested.
To stress-test Lockdown Mode, Apple is offering $2,000,000 — the highest Security Bounty payout in the industry — to any researcher that can find ways to bypass the new security mode and help improve it.
That’s double Apple’s usual $1 million bounty, and the company hopes that it will incentivize the security research community to make Lockdown Mode even better.
Apple is also making a $10 million grant, plus any damages it receives from its lawsuit against NSO Group, to support organizations that investigate, expose, and prevent these highly targeted cyberattacks. The grant is being made to the Ford Foundation’s Dignity and Justice Fund, which will disburse individual grants in late 2022 and early 2023 to fund “approaches to help expose mercenary spyware and protect potential targets.”
The Ford Foundation’s involvement centers on the fact that most of these targeted mercenary spyware attacks are being carried out against journalists and human rights advocates. Ron Deibert, director of the University of Toronto’s Citizen Lab — a research group that’s been tracking Pegasus for years — noted that these tools that were ostensibly designed for counterterrorism have been widely abused to violate human rights and suppress free speech.
“There is now undeniable evidence from the research of the Citizen Lab and other organizations that the mercenary surveillance industry is facilitating the spread of authoritarian practices and massive human rights abuses worldwide. I applaud Apple for establishing this important grant, which will send a strong message and help nurture independent researchers and advocacy organizations holding mercenary spyware vendors accountable for the harms they are inflicting on innocent people.”
Ron Deibert, director of the University of Toronto Citizen Lab research group
The new Lockdown Mode is now available in the third betas of iOS 16, iPadOS 16, and macOS Ventura, released to developers today. It can be found in the Privacy & Security section of the iPhone/iPad Settings app or in the new System Settings app that replaces System Preferences on the Mac.