Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Apple Adds ‘Lockdown Mode’ to Thwart .Gov Mercenary Spyware

Faced with a surge in state-sponsored mercenary spyware attacks targeting its iOS platform, Apple plans to add a new ‘Lockdown Mode’ that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploits.

Faced with a surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple plans to add a new ‘Lockdown Mode’ that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploits.

The Cupertino, Calif. tech giant said the Lockdown Mode capability will be available on iOS 16, iPadOS 16, and macOS Ventura as “an extreme, optional protection for the very small number of users” who are targeted by governments for surveillance.

“Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware,” Apple said in a note published Wednesday.

READ: Google: NSO Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’

iOS Lockdown ModeAt launch, Apple said the new Lockdown Mode will include the following protections: 

• Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.

• Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.

• Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.

• Wired connections with a computer or accessory are blocked when iPhone is locked.

• Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

“Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture. “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Krstić added.

[ READ: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation ]

Apple also announced the creation of a new category within its bug bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000, the highest maximum bounty payout in the industry, the company said.

The device maker is also planning to offer a $10 million grant to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware. 

Apple’s latest announcements are in response to a wave of zero-day attacks hitting iOS and macOS users with sophisticated exploits that plant high-end surveillance tools. The company has filed a lawsuit against notorious Israeli spyware maker NSO Group and added a new BlastDoor’ sandbox to protect its platform from zero-click exploits.

Related: Google: NSO  Zero-Click ‘Most Technically Sophisticated Exploit Ever Seen’

Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits 

Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Related: Citizen Lab Exposes Cytrox as Vendor Behind ‘Predator’ iPhone Spyware

Related: New iOS Zero-Click Exploit Defeats Apple ‘BlastDoor’ Sandbox

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.