Security Experts:

Apple Adds 'Lockdown Mode' to Thwart .Gov Mercenary Spyware

Faced with a surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple plans to add a new 'Lockdown Mode' that significantly reduces attack surface and adds technical roadblocks to limit sophisticated software exploits.

The Cupertino, Calif. tech giant said the Lockdown Mode capability will be available on iOS 16, iPadOS 16, and macOS Ventura as "an extreme, optional protection for the very small number of users" who are targeted by governments for surveillance.

"Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple said in a note published Wednesday.

READ: Google: NSO Zero-Click 'Most Technically Sophisticated Exploit Ever Seen'

iOS Lockdown ModeAt launch, Apple said the new Lockdown Mode will include the following protections: 

• Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.

• Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.

• Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.

• Wired connections with a computer or accessory are blocked when iPhone is locked.

• Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

"Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks," said Ivan Krstić, Apple’s head of Security Engineering and Architecture. "While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are," Krstić added.

[ READ: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation ]

Apple also announced the creation of a new category within its bug bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000, the highest maximum bounty payout in the industry, the company said.

The device maker is also planning to offer a $10 million grant to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware. 

Apple's latest announcements are in response to a wave of zero-day attacks hitting iOS and macOS users with sophisticated exploits that plant high-end surveillance tools. The company has filed a lawsuit against notorious Israeli spyware maker NSO Group and added a new BlastDoor’ sandbox to protect its platform from zero-click exploits.

Related: Google: NSO  Zero-Click 'Most Technically Sophisticated Exploit Ever Seen'

Related: Secretive Israeli Exploit Company Behind Wave of Zero-Day Exploits 

Related: Apple Slaps Lawsuit on NSO Group Over Pegasus iOS Exploitation

Related: Citizen Lab Exposes Cytrox as Vendor Behind 'Predator' iPhone Spyware

Related: New iOS Zero-Click Exploit Defeats Apple 'BlastDoor' Sandbox

view counter
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan's past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive's ZDNet, PCMag and PC World. Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world. Follow Ryan on Twitter @ryanaraine.