The surveillance-for-hire industry has, in recent years, become a real threat to activists, dissidents, journalists and human rights defenders around the world as suppliers provide governments with increasingly invasive and effective spyware. The most sophisticated of these tools, like NSO Group’s infamous Pegasus spyware, use rare and sophisticated exploits to compromise victims’ smartphones running Apple’s iOS and Google’s Android mobile operating systems. Activists and security experts are increasingly calling for tougher measures to protect the vulnerable as conditions for victims worsen. Now Apple has a choice.
Today, Apple announced a new feature for its upcoming iOS 16 release called Lockdown Mode. Apple emphasized that the feature was created for a small group of users who are at risk of government attack, and that the feature is not expected to be widely adopted. But for those who want to use it, the feature is an alternative mode of iOS that severely restricts the tools and services a spyware attacker can use to take control of a victim’s device.
“This is an unprecedented step for high-risk users,” Ron Deibert, director of Citizen Lab at the University of Toronto, said on a call with reporters ahead of the announcement. “I believe it will cause trouble for their modus operandi. … I expect [spyware vendors] to try to evolve, but hopefully this feature will prevent some of these hazards from happening in the future.”
Lockdown Mode is a separate mode of the operating system. To turn it on, users enable the feature in the settings menu and are then prompted to restart the device for all protections and digital defenses to fully take effect. The feature places limits on the leakiest parts of the operating system’s sieve. Lockdown Mode attempts to comprehensively address threats from web browsing, for example, by blocking many of the speed and efficiency features that Safari (and WebKit) use to render web pages. Users can specifically mark a webpage as trusted so that it loads normally, but by default, Lockdown Mode imposes a number of restrictions that extend to wherever WebKit is working behind the scenes. In other words, the same Lockdown Mode protections apply when you load web content in a third-party app or an iOS app like Mail.
Lockdown Mode also restricts various incoming invitations and requests unless the device initiates the request first. This means your friends won’t be able to call you on FaceTime, for example, if you have never called them. Going a step further, even if you initiate an interaction with another device, Lockdown Mode will only support that connection for 30 days. If you haven’t spoken to a particular friend in the weeks after that, you’ll need to reconnect before they can contact you again. In Messages (a common target for spyware exploits), Lockdown Mode does not show link previews and blocks all attachments except some trusted image formats.
Lockdown Mode also strengthens other protections. For example, when a device is locked, it will not accept connections from anything physically plugged into it. And, crucially, once Lockdown Mode is turned on, devices that haven’t been enrolled in one of Apple’s enterprise mobile device management (MDM) programs can’t be added to one of these programs. This means that if your company provides you with a phone that is registered in the company’s MDM, that enrollment will remain active if you then enable Lockdown Mode. Your MDM administrator cannot remotely turn off Lockdown Mode on your device. However, if your phone is just a normal consumer device and you put it in Lockdown Mode, you won’t be able to activate MDM. This is important because attackers trick victims into enabling MDM, thereby gaining the ability to install malicious applications on their devices.