Apple adds ‘lockdown mode’ to thwart mercenary .Gov spyware

Faced with a surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple plans to add a new “lockdown mode” that drastically reduces the attack surface and adds technical barriers to limit sophisticated software exploits.

The Cupertino, Calif.-based tech giant said lockdown mode capability will be available on iOS 16, iPadOS 16, and macOS Ventura as “extreme, optional protection for the very small number of users” who are targeted by governments for oversight.

“Enabling Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further strengthens device defenses and severely limits certain features, dramatically reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware” , Apple said in a statement. Remark published on Wednesday.

LILY: Google: NSO Zero-Click “the most technically sophisticated exploit ever seen”

At launch, Apple said the new Lock Mode will include the following protections:

posts: Most types of message attachments other than images are blocked. Some features, such as link previews, are disabled.

web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from lockdown mode.

Apple Services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not already sent a call or request to the initiator.

Wired connections to a computer or accessory are blocked when iPhone is locked.

Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) when lockdown mode is enabled.

“Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users against the rarest and most sophisticated attacks,” said Ivan Krstić, head of engineering and security architecture at Apple. “While the vast majority of users will never fall victim to highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Krstić added.

[ READ: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation ]

Apple also announced a new category within its bug bounty program to reward researchers who find workarounds to Lockdown Mode and help improve its protections. Bonuses are doubled for qualifying results in lockdown mode, up to a maximum of $2,000,000, the highest maximum bonus payout in the industry, the company said.

The device maker also plans to offer a $10 million grant to support organizations that investigate, expose and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware. .

Apple’s latest announcements are in response to a wave of zero-day attacks hitting iOS and macOS users with sophisticated exploits that install high-end monitoring tools. The company has taken legal action against notorious Israeli spyware maker NSO Group and added a new BlastDoor sandbox to protect its platform from no-click exploits.

Related: Google: NSO Zero-Click “the most technically sophisticated exploit ever seen”

Related: Secret Israeli Exploitation Company Behind Wave of Zero-Day Exploits

Related: Apple Files Lawsuit Against NSO Group Over Exploiting Pegasus iOS

Related: Citizen Lab Exposes Cytrox as Vendor Behind “Predator” iPhone Spyware

Related: New iOS Zero-Click Exploit Beats Apple’s “BlastDoor” Sandbox

views counter

Ryan Naraine is editor of SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a seasoned cybersecurity strategist who has implemented security engagement programs for major global brands including Intel Corp., Bishop Fox, and Kaspersky GReAT. He is co-founder of Threatpost and the SAS Global Conference Series. Ryan’s previous career as a security journalist included articles in major technology publications, including Ziff Davis eWEEK, CBS Interactive’s ZDNet, PCMag and PC World. Ryan is a director of the nonprofit organization Security Tinkerers, an advisor to startup entrepreneurs, and a regular speaker at security conferences around the world.
Follow Ryan on Twitter @ryanaraine.

Previous columns by Ryan Naraine:
Key words:

Previous A lifetime supply of White Castle burgers: Can we get in on the action?
Next Learn more about the Shanghai National Police's apparent data breach. Supply chain attack against NPM package manager. Marriott confirms hotel guest and employee data breach.