Apple has announced a new protection mechanism for particularly exposed users. Lockdown Mode promises a high level of security for specific users who, because of who they are or what they do, may be personally targeted by sophisticated digital threats.
The NSO Group (Pegasus spyware) and other private companies that develop government-sponsored spyware threaten, often undetected, a small group of important or high-level users. Apple is therefore offering a new security mode: enabling Lockdown Mode in iOS 16, iPadOS 16 and macOS Ventura further strengthens device defenses and severely restricts certain functions, greatly reducing the attack surface that could be exploited by targeted spyware. A comment by Christoph Hebeisen, Director of Security Intelligence Research at the IT security provider Lookout: "The lockdown mode is a bundle of measures aimed at reducing the attack surface of mobile Apple devices."
Lockdown mode reduces attack surface
Exploitable vulnerabilities are often found in highly complex code such as JavaScript JIT compilation or video playback. Lockdown mode disables or restricts functionality that relies on such complex code, with a particular focus on functionality that can be triggered remotely and with little or no user interaction on the device. This limits the possibilities for attackers to exploit vulnerabilities that can be used to take control of the device. In particular, zero-click attacks—attacks that can take control of the device without user interaction—typically rely on functions that trigger automatically when messages or other data are received. Other parts of lockdown mode aim to limit what an attacker can do with physical access to a locked device.
Can Apple use it to fight new technologies?
While these measures certainly strengthen device security, it's important to remember that lockdown mode does not reduce the attack surface of third-party apps installed on the device, unless those apps also implement separate lockdown measures. Additionally, lockdown mode will inevitably limit the device's functionality and performance — a tradeoff some users might accept for a while, but the inconvenience creates an incentive to disable lockdown mode.
Lockdown mode reduces the amount of potentially vulnerable code available for attack, but if its use becomes common among users targeted by mobile surveillance malware, attackers will be forced to develop exploits that are able to take over a device in lockdown mode. Although probably not impossible, reducing the attack surface makes it more difficult, and therefore more expensive, to successfully attack Apple mobile devices.
How widespread is this problem in general?
Most users are unlikely to be the target of advanced attacks using zero-day exploits, regardless of the operating system on their device. The actors behind such attacks are usually law enforcement or intelligence agencies, although in many well-documented cases these surveillance tools have not been used against organized crime or terrorists, but against lawyers, politicians, journalists, human rights activists, or executives they suspected of being their own government or the government of another country.
What else needs to be done?
Last fall, the US Department of Commerce added NSO to the Entity List, limiting its ability to continue commercial operations. Given NSO's recent financial difficulties, the move appears to have helped limit their ability to do business, including doing business with countries known to have abused this technology in the past. More regulation and surveillance industry controls are needed to protect users worldwide from such threats.
Most of the time, iOS users who are not in an exposed position – and therefore not likely to be attacked with targeted threats – will not use lockdown mode due to the limitations it imposes on their device usage. Therefore, they do not benefit from the protection of lockdown mode. Modern mobile security software that is already available to everyone today can help protect users and devices from attacks, with or without lockdown mode enabled, and detect compromised mobile devices.”