Why Lockdown Mode from Apple is one of the best security ideas ever

Written by admin


Spyware for hire is one of the most difficult threats to combat. It targets an infinitesimal fraction of the world's population, making it statistically unlikely that most of us will ever see it. However, because the sophisticated malware targets only the most influential individuals (diplomats, political dissidents, and lawyers), it has a disproportionately devastating effect on the small number of people who are infected.

This puts device and software manufacturers in a difficult position. How do you build something to protect what is likely less than 1 percent of your user base from malware developed by companies like NSO Group, whose clickless exploits instantly turn fully updated iOS and Android devices into advanced bugging devices?

No security snake oil here

Apple on Wednesday previewed an ingenious option it plans to add to its flagship operating systems in the coming months to counter the threat of mercenary spyware. The company is upfront, almost in your face, that Lockdown Mode will degrade the user experience and is an option only for a small number of users.

“Lockdown Mode offers an extreme, optional level of security for a very small number of users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as NSO Group and other private companies that develop government-sponsored mercenary spy programs,” the company said. “Enabling Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further tightens device defenses and severely limits certain features, dramatically reducing the attack surface that can potentially be exploited by highly targeted spyware.”

As Apple says, Lockdown Mode disables all kinds of protocols and services that normally work. Just-in-time JavaScript (an innovation that speeds up performance by compiling code on the device at runtime) won’t work at all. This is probably a defense against the JIT-spray method, a common technique used in malware exploitation. While in Lockdown Mode, devices also cannot enroll in mobile device management, which is used to install organization-specific software.

Here is the full list of restrictions:

  • Messages: Most message attachment types except images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously called or sent a request to the initiator.
  • When iPhone is locked, wired connections to a computer or accessory are blocked.
  • When Lockdown Mode is enabled, configuration profiles cannot be installed and the device cannot register with mobile device management (MDM).

It’s helpful that Apple is upfront about the extra friction that Lockdown Mode adds to the user experience, because it underscores what every security professional or hobbyist knows: Security always comes at a cost to usability. It’s also encouraging to hear that Apple plans to let users list the sites that are allowed to use JIT JavaScript while in Lockdown Mode. Fingers crossed that Apple will offer a similar whitelist for trusted contacts.

Lockdown Mode is a big deal for a number of reasons, not the least of which is that it comes from Apple, which is sensitive to customer perception. Officially admitting that its customers are vulnerable to the scourge of mercenary spyware is a big step.

But the move is great because of its simplicity and concreteness. No security snake oil here. If you want better security, learn to do without the services that pose the biggest threat. John Scott-Railton, a researcher at Citizen Lab, knows a thing or two about counseling victims of NSO spyware. He said Lockdown Mode provides one of the first effective courses of action for vulnerable individuals to follow without turning their devices off completely.

“When users are told that they are being targeted by sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?’” he wrote. “We haven’t had a lot of great, honest answers that really make an impact. Hardening a consumer phone is truly unattainable.”

Now that Apple has opened the door, it’s inevitable that Google will follow suit with Android OS, and it would be no surprise if other companies did the same. It may also start a useful discussion in the industry about expanding the approach. If Apple is going to allow users to block unwanted messages from unknown people, why can’t it provide an option to disable the built-in microphone, camera, GPS, or cellular capabilities?

One thing everyone should know about Lockdown Mode, at least as described by Apple on Wednesday, is that it doesn’t prevent your device from connecting to cellular networks and broadcasting unique identifiers like IMEI and ICCID. This is not a criticism, just a natural limitation. And trade-offs are a key part of security.

So, if you’re like most people, you’ll never need Lockdown Mode. But it’s great that Apple is offering this because it will make us all safer.
