Why Lockdown Mode from Apple is one of the coolest security ideas ever


Mercenary spyware is one of the most difficult threats to combat. It targets an infinitesimally small percentage of the world, making it statistically unlikely for most of us to ever see. And yet, because the sophisticated malware selects only the most influential people (think diplomats, political dissidents, and lawyers), it has a devastating effect that is far out of proportion to the small number of people infected.

This puts device and software manufacturers in a bind. How do you build something to protect what is probably well under 1 percent of your user base from malware built by companies like NSO Group, a maker of click-free exploits that instantly convert fully updated iOS and Android devices into sophisticated bugging devices?

No security snake oil here

On Wednesday, Apple unveiled an ingenious option that it plans to add to its flagship operating systems in the coming months to address the threat of mercenary spyware. The company is upfront, almost in-your-face, that Lockdown Mode is an option that will impair the user experience and is intended only for a small number of users.

“Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from the NSO Group and other private companies that develop state-sponsored mercenary spyware,” the company said. “Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and severely limits certain features, greatly reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.”

As Apple says, Lockdown Mode disables all kinds of protocols and services that normally run. Just-in-time JavaScript, an innovation that speeds up performance by compiling code on the device while it runs, will not run at all. That is probably a defense against JIT spraying, a common technique used in malware exploitation. While in Lockdown Mode, devices also cannot enroll in what is known as mobile device management, which is used to install special organization-specific software.

The full list of restrictions is:

  • Messages: Most types of attachments, except pictures, are blocked. Some features, such as link previews, are disabled.
  • Web Browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple Services: Incoming invitations and service requests, including FaceTime calls, will be blocked if the user has not previously sent the caller a call or a request.
  • Wired connections to a computer or accessory are blocked when the iPhone is locked.
  • Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) while Lockdown Mode is on.

It’s helpful that Apple is upfront about the extra friction Lockdown Mode adds to the user experience because it underscores what any security professional or hobbyist knows: Security always results in a trade-off with ease of use. It’s also encouraging to hear that Apple plans to allow users to list the sites that are allowed to serve JIT JavaScript while in Lockdown Mode. Fingers crossed that Apple can enable a similar allow list for trusted contacts.

Lockdown Mode is a big deal for many reasons, not least that it comes from Apple, a company that is hypersensitive to customer perception. Officially acknowledging that its customers are vulnerable to the plague of mercenary spyware is a big step.

But the move is also big because of its simplicity and concreteness. No security snake oil here. If you want better security, learn to do without the services that pose the greatest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about advising victims of NSO spyware, said Lockdown Mode provides one of the first effective courses of action that vulnerable individuals can follow without turning off their devices completely.

“When you notify users that they have been targeted with sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?’” he wrote. “We have not received many good, honest answers that really make an impact. It’s really out of reach to harden a consumer handset.”

Now that Apple has opened the door, it’s inevitable that Google will follow suit with its Android OS, and it would not be surprising for other companies to fall in line as well. It could also start a useful discussion in the industry about expanding the approach. If Apple wants to allow users to disable unsolicited messages from strangers, then why can’t it offer an option to disable the built-in microphone, camera, GPS or mobile features?

One thing that everyone should know about Lockdown Mode, at least as described on Wednesday by Apple, is that it does not prevent your device from connecting to mobile networks and transmitting unique identifiers such as IMEI and ICCID. That is not a criticism, just a natural limitation. And trade-offs are a core part of security.

So if you are like most people, you will never need Lockdown Mode. But it’s great that Apple will offer it because it will make us all more secure.
