EXECUTIVE SUMMARY:

Today, Apple is introducing a new security option that limits select features on its iOS devices. Known as “Lockdown Mode,” this rollout attempts to assuage concerns around newly developed spyware used to blast through a phone’s security protections.

In recent months, spyware produced by a cottage industry of ‘lawful intercept’ companies has been used to surveil journalists, human rights defenders, dissidents, business persons, lawyers and others. As a result, spyware owners, including government groups, have been able to parse private text messages, read through emails or force phones to eavesdrop on surroundings.

Although Lockdown Mode may be a dramatic step, Apple felt the need to take decisive action as an increasing number of people become spyware victims.

Apple’s Lockdown Mode

Apple is billing the features as “an extreme, optional protection that should only be used if you believe you may be personally targeted by a highly sophisticated cyber attack.”

How Lockdown Mode works

Lockdown Mode runs as a separate operating system mode. In order to switch it on, users can:

1. Enable the feature in the Settings menu

2. Restart the device (when prompted)

Lockdown Mode Dev Details

Apple’s Lockdown Mode halts access to a number of features that spyware groups have previously exploited. It limits incoming invitations and requests, particularly as they relate to FaceTime. Messages will no longer show link previews, and attachments will automatically be blocked, with the exception of a few trusted image formats.

Lockdown Mode will also prevent iPhones from interacting with devices manually connected to them. This short-circuits police departments’ primary means of rummaging through an iPhone with forensics tools. In the past, such tools have been weaponized for evidence collection purposes. Experts state that this new feature will help protect privacy, particularly around personal matters that the US government may suddenly decide to prosecute targeted groups for.

Further, a device that is not already registered with one of Apple’s mobile device management (MDM) programs cannot be added to one of these registries once Lockdown Mode is on. In other words, if your company gives you a phone enrolled in the corporate MDM, that enrollment will remain active if you then enable Lockdown Mode. And the manager of your MDM will not be able to remotely turn off Lockdown Mode, which could otherwise pave the way for espionage or allow for accidental hacker takeovers.

The spyware evolution

Spyware vendors will attempt to evolve tools in such a way as to circumvent Apple’s Lockdown Mode. Nonetheless, Apple and others hope that this tool will prevent digital harm to individual iPhone users for the time being, until new security mechanisms are developed.

More information

Apple intends to continue refining Lockdown Mode and to expand it as needed. The company also recently added a new category to its bug bounty program, rewarding bug hunters who manage to find flaws in its Lockdown Mode or who discover total bypasses. Rewards may reach as much as $2 million.

In November, Apple also pledged to donate $10 million to research and defense related to spyware. The company has just issued a statement saying that the money will become a grant to the Ford Foundation’s Dignity and Justice Fund. Upon launch, advisers for the fund will include representatives from Access Now, Citizen Lab, the Engine Room and Amnesty International.

In conclusion

Spyware, surveillance and stalkerware are invasive-by-design and easily exploit digital ecosystems. Revelations around government spyware abuse indicate that we are shifting into a new digital paradigm.
