SecurityWeek

Apple Adds ‘Lockdown Mode’ to Thwart .Gov Mercenary Spyware

Faced with a surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple plans to add a new ‘Lockdown Mode’ that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploits.

The Cupertino, Calif. tech giant said the Lockdown Mode capability will be available on iOS 16, iPadOS 16, and macOS Ventura as “an extreme, optional protection for the very small number of users” who are targeted by governments for surveillance.

“Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware,” Apple said in a note published Wednesday.

At launch, Apple said the new Lockdown Mode will include the following protections:

• Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.

• Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.

• Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.

• Wired connections with a computer or accessory are blocked when iPhone is locked.

• Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

“Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture. “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Krstić added.

Apple also announced the creation of a new category within its bug bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000, the highest maximum bounty payout in the industry, the company said.

The device maker is also planning to offer a $10 million grant to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware. 

Apple’s latest announcements are in response to a wave of zero-day attacks hitting iOS and macOS users with sophisticated exploits that plant high-end surveillance tools. The company has filed a lawsuit against notorious Israeli spyware maker NSO Group and added a new ‘BlastDoor’ sandbox to protect its platform from zero-click exploits.

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
