Apple’s Lockdown Mode Aims to Counter Spyware Threats


The rental surveillance industry In recent years it has become a very real threat to activists, dissidents, journalists and human rights defenders around the world, as marketers offer increasingly invasive and effective spyware to governments. The most sophisticated of these tools, such as the NSO Group’s famous Pegasus spyware, target victims ’smartphones with rare and sophisticated exploits to compromise Apple’s Android and Google’s iOS mobile operating systems. As the situation of the victims has deteriorated, security activists and experts have called for more and more drastic measures to protect vulnerable people. Now Apple has a choice.

Today, Apple announces a new feature for its upcoming release of iOS 16 called Lock Mode. Apple points out that the feature was created for a small subset of users who are at high risk for government guidance and does not expect the feature to be widely adopted. But for those who want to use it, the feature is an alternative mode of iOS that severely restricts the tools and services that spyware players target to take control of victim devices.

“This is an unprecedented step in user safety for high-risk users,” Ron Deibert, director of the University of Toronto’s Citizen Lab, said in a call with reporters ahead of the announcement. “I think this will put a key in your modus operandi [spyware vendors] to try to evolve, but hopefully this feature will prevent some of this damage from happening in the future. “

Lock mode is a standalone operating system mode. To turn it on, users turn on the feature in the setup menu and then are asked to restart their device for all digital protections and defenses to take effect. The feature imposes limitations on the most leaked parts of the operating system sieve. Blocking mode attempts to comprehensively address web browsing threats, for example, by blocking many of the speed and efficiency features that Safari (and WebKit) use to represent web pages. Users can specifically mark a particular web page as trusted so that it loads normally, but by default, lock mode imposes a number of restrictions that extend to anywhere WebKit is working behind the scenes. In other words, when you upload web content to a third-party app or iOS app like Mail, the same lock mode protections will apply.

Lock mode also limits all types of incoming invitations and requests, unless the device has first initiated a valuable request. This means that your friend will not be able to call you on FaceTime, for example, if you have never called him. And to go one step further, even when you start an interaction with another device, the lock mode only respects that connection for 30 days. If you do not speak to a particular friend for weeks after that, you will need to re-establish contact before he or she can contact you again. In Messages, a common target of spyware exploitation, the lock mode will not show link previews and will block all attachments, except for some trusted image formats.

Lock mode also reinforces other protections. For example, when a device is locked, it will not receive connections from anything that is physically connected to it. And most importantly, a device that is not yet registered with one of Apple’s enterprise mobile device (MDM) management programs cannot be added to any of these schemes once the lock mode is activated. This means that if your company provides you with a phone registered in the corporate MDM, it will remain active if you activate the lock mode. And your MDM manager can’t remotely disable lock mode on your device. But if your phone is just a regular consumer device and you put it in lock mode, you won’t be able to activate MDM. This is important because attackers will trick victims into enabling MDM as a way to gain the ability to install malicious applications on their devices.



Source link

Leave a Comment