Apple will be offering a new “Lockdown Mode” for its iPhones, iPads and Mac computers. It’s designed to fight hacking campaigns and targeted spyware like NSO Group’s Pegasus.
Why it matters
Although these attacks happen to a small group of people, the threat is growing. Pegasus was found to be used by repressive governments to spy on human rights activists, lawyers, politicians and journalists.
Apple plans to release Lockdown Mode for free later this year and is making a public commitment to continue improving it. The company’s also expanded bug bounties and grant programs to encourage further research towards this issue.
Apple for years has marketed its iPhones, iPads and Macs as the most secure and privacy-focused devices on the market. On Wednesday, it bolstered that effort with a new feature coming this fall called Lockdown Mode, designed to fight targeted hacking attempts like the which oppressive governments . It also announced a $10 million grant and up to $2 million bug bounty to encourage further research into such threats.
The tech giant said that Lockdown Mode is designed to add extra protections to its phones, such as blocking attachments and link previews in messages, potentially hackable web browsing technologies, and incoming FaceTime calls from unknown numbers. Apple devices will also not accept accessory connections unless the device is unlocked, and people can’t install new remote management software on the devices while they’re in Lockdown Mode as well. The new feature will be made available for testing software and released for free publicly in the fall.
“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstić, Apple’s head of security engineering and architecture, in a statement. “Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks.”
Along with the new Lockdown Mode, which Apple calls an “extreme” measure, the company announced a $10 million grant to the Dignity and Justice Fund, which was established by the Ford Foundation, to help support human rights and fight social repression.
The company’s efforts to enhance its device security come at a time when the tech industry is increasingly confronting targeted cyberattacks from oppressive governments around the world. Unlike widespread ransomware or virus campaigns, which are often designed to indiscriminately spread furthest and fastest through homes and corporate networks, attacks like those using Pegasus are designed for quiet intelligence gathering.
Last September, Apple sent out a free software update that and then it in an effort to stop the company from developing or selling any more hacking tools. It also began sending “Threat Notifications” to potential victims of these hacking tools, which Apple calls “mercenary spyware.” The company said that while the number of people targeted in these campaigns is very small, it has notified people in about 150 countries since November.
Other tech companies have also expanded their approach to security in recent years. Google has an initiative called Advanced Account Protection, designed for “anyone who is at an elevated risk of targeted online attacks” by adding extra layers of safety to . Microsoft has been increasingly .
Apple said it plans to expand Lockdown Mode over time, and announced a bug bounty of up to $2 million for people who find security holes in the new feature. For now, it’s designed primarily to disable computer features that may be helpful but that open people to potential attacks. That includes turning off some fonts, link previews and incoming FaceTime calls from unknown accounts.
Apple representatives said the company sought to find a balance between usability and extreme protection, adding that the company is publicly committed to strengthening and improving the feature. In the most recent iteration of Lockdown Mode, which is being sent to developers at the moment, apps that display webpages will follow the same restrictions that Apple’s apps follow, although people can pre-approve some websites to circumvent Lockdown Mode if needed. People in Lockdown Mode will also have to unlock their device before it’ll connect with accessories.
Encouraging more research
In addition, Apple said it hopes a planned $10 million grant to the Dignity and Justice Fund will help encourage more research on these issues and expand training and security audits for people who might be targeted.
“Every day we see these threats broadening and deepening,” said Lori McGlinchey, director of the Ford Foundation’s Technology and Society program, who is working with technical advisers including Apple’s Krstić to help direct the fund. “In recent years, state and non-state actors have used spyware to track and intimidate human rights defenders, environmental activists and political dissidents in virtually every region of the world.”
Ron Deibert, a professor of political science and director of the Citizen Lab cybersecurity researchers at the Munk School of Global Affairs and Public Policy at the University of Toronto, said he expects Apple’s Lockdown Mode will be a “major blow” to spyware companies and the governments who rely on their products.
“We’re doing all we can, alongside a number of investigative journalists working on this beat, but that’s been it, and that’s a huge asymmetry,” he said, adding that Apple’s $10 million grant will help attract more work toward this issue. “You have an enormous industry that’s very lucrative and almost entirely unregulated, profiting from huge contracts from governments that have an appetite to engage in this type of espionage.”