Mercenary spyware is one of the most difficult threats to combat. It targets an infinitesimally small percentage of the world, making it statistically unlikely that most of us will ever see it. And yet, because the sophisticated malware selects only the most influential people (think diplomats, political dissidents, and lawyers), it has a devastating effect that is far out of proportion to the small number of people infected.
This puts device and software manufacturers in a bind. How do you build something to protect what is probably well under 1 percent of your user base from malware built by companies like NSO Group, a maker of zero-click exploits that instantly convert fully updated iOS and Android devices into sophisticated bugging devices?
No security snake oil here
On Wednesday, Apple unveiled an ingenious option that it plans to add to its flagship operating systems in the coming months to address the threat of mercenary spyware. The company is upfront, almost in-your-face, that Lockdown mode is an option that will impair the user experience and is intended for only a small number of users.
“Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from the NSO Group and other companies that develop state-sponsored mercenary spyware,” the company said. “Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defense and severely limits certain features, greatly reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.”
The full list of restrictions is:
- Messages: Most types of attachments, except pictures, are blocked. Some features, such as link previews, are disabled.
- Apple Services: Incoming invitations and service requests, including FaceTime calls, will be blocked if the user has not previously sent the caller a call or a request.
- Wired connections to a computer or accessory are blocked when the iPhone is locked.
- Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) while Lockdown mode is on.
Lockdown mode is a big deal for many reasons, not least that it comes from Apple, a company that is hypersensitive to customer perception. Officially acknowledging that its customers are vulnerable to the plague of mercenary spyware is a big step.
But the move is also big because of its simplicity and concreteness. No security snake oil here. If you want better security, learn to do without the services that pose the greatest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about advising victims of NSO spyware, said Lockdown mode provides one of the first effective courses of action that vulnerable individuals can follow without turning off their devices completely.
“When you notify users that they have been targeted with sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?’” he wrote. “We have not received many good, honest answers that really make an impact. It’s really out of reach to harden a consumer handset.”
3 / There is a common mental barrier among major platforms and OS developers around the mainstreaming of high security features.
A lot of unavoidable considerations, such as:
– Poorer user experience (especially compared to competitors!)
– Breaking features
– More customer support resources, etc. are required.
– John Scott-Railton (@jsrailton) July 6, 2022
Now that Apple has opened the door, it’s inevitable that Google will follow suit with its Android OS, and it would not be surprising for other companies to fall in line as well. It could also start a useful discussion in the industry about expanding the approach. If Apple is willing to let users disable unsolicited messages from strangers, then why can’t it offer an option to disable the built-in microphone, camera, GPS, or mobile features?
One thing that everyone should know about Lockdown mode, at least as described on Wednesday by Apple, is that it does not prevent your device from connecting to mobile networks and issuing unique identifiers such as IMEI and ICCID. That is not a criticism, just a natural limitation. And trade-offs are a core part of security.
So if you are like most people, you will never need Lockdown mode. But it’s great that Apple will offer it because it will make us all more secure.