Apple’s new iPhone lock mode fights hacking

What’s happening
Apple is developing a new “lockdown mode” for its iPhone, iPad and Mac computers. It’s designed to combat industrial-grade hacking attacks like NSO Group’s Pegasus.

Why it matters
Although these attacks are happening to a small group of people, the threat is growing. Pegasus is being used to spy on human rights activists, lawyers, politicians and journalists around the world. Apple says it has discovered similar attacks on people in 150 countries in the last eight months.

What’s next
Apple will release Lockdown Mode for free later this year, and says it plans to make regular updates and improvements. The company has also expanded its bug bounty and created a grant to encourage further research on the issue.

For years, Apple has marketed its iPhone, iPad and Mac computers as the most secure and privacy-conscious devices on the market. Last week, it stepped up that effort with a new feature, to be introduced this fall, called “Lockdown Mode,” which is designed to combat targeted hacking attacks such as the Pegasus malware that some governments have reportedly used on human rights workers, lawyers, politicians and journalists around the world. Apple also announced a $10 million grant and a bounty of up to $2 million for vulnerabilities to encourage further research into this growing threat.

The tech giant said Lockdown Mode is designed to activate “extreme” protections for its phones, such as blocking previews of attachments and links in messages, web browsing techniques that could be hacked and FaceTime calls from unknown numbers. People will also not be able to install new remote management software on their devices while they are in Lockdown Mode. The new features are available in beta software for developers this summer and will be released publicly for free in the fall as part of iOS 16, iPadOS 16 and macOS Ventura.

“While the vast majority of users will never be victims of a highly targeted cyber attack, we will work tirelessly to protect a small number of users,” Ivan Krstić, Apple’s head of security engineering and architecture, said in a statement. “Lockdown Mode is a groundbreaking feature that reflects our unwavering commitment to protecting users from the rarest and most sophisticated attacks.”

In addition to the new Lockdown Mode, which Apple calls an “extreme” measure, the company also announced a $10 million grant to the Ford Foundation’s Dignity and Justice Fund to help support human rights and combat social oppression.

The company’s efforts to strengthen the security of its devices come at a time when the technology industry is increasingly facing targeted cyber attacks from authoritarian governments around the world. Unlike widespread ransomware or virus campaigns, which are often designed to spread indiscriminately, as far and as fast as possible, through home and corporate networks, attacks like the one using Pegasus are designed for quiet intelligence gathering.

Pegasus’ free software updates, and then it sued NSO Group to stop the company from developing or selling any more hacking tools. It also began sending “threat notifications” to potential victims of the hacking tools, which Apple calls “spyware for hire.” While the number of people targeted by these campaigns is very small, the company says it has notified people in about 150 countries since November.

Other tech companies have expanded their security methods in recent years. Google has a program called Advanced Account Protection, designed for “anyone at risk of targeted attacks online” by adding an extra layer of security to logins and downloads. Microsoft is increasingly working on password dumps.

Apple has said it plans to expand Lockdown Mode over time and has announced a bounty of up to $2 million for vulnerabilities found in the new feature. For now, its main goal is to disable computer features that may be useful but leave people vulnerable to potential attacks. This includes turning off some fonts, link previews, and FaceTime calls from unknown accounts.

Apple representatives said the company is trying to find a balance between usability and extreme protection, adding that the company is publicly committed to enhancing and improving the feature. In the latest iteration of Lockdown Mode, which will be sent to developers in an upcoming beta software update, apps that display web pages will follow the same restrictions that Apple apps follow, but people can pre-approve some sites to circumvent Lockdown Mode if desired. People in Lockdown Mode must also unlock their devices before they can connect to accessories.

Encourage more research

In addition, Apple said it hopes its planned $10 million grant to the Dignity and Justice Fund will help encourage more research on these issues and expand training and security audits for those who may be targeted.

“Every day we see these threats expand and deepen,” said Lori McGlinchey, director of technology and society programs at the Ford Foundation, who is working with technical advisors, including Apple’s Krstić, to help guide the fund. “In recent years, spyware has been used by state and non-state actors to track and intimidate human rights defenders, environmental activists and dissidents in virtually every region of the world.”

Ron Deibert, professor of political science at the University of Toronto’s Munk School of Global Affairs and Public Policy and director of the Citizen Lab cybersecurity fellowship, said he expects Apple’s Lockdown Mode to be a “major blow to spyware companies and the governments that rely on their products.”

“We’re doing what we can to work with some investigative journalists, but that’s it, it’s a huge asymmetry,” he said, adding that Apple’s $10 million grant will help attract more work to address the problem. “You have a huge industry, lucrative and almost completely unregulated, profiting from huge contracts from governments interested in doing this kind of spying.”
