Apple has dealt a heavy blow to the mercenary “Surveillance as a Service” industry by introducing a new, highly secure Lockdown Mode to protect the people most at risk of targeted attacks. The company is also offering millions of dollars to support research that uncovers such threats.
Coming in iOS 16, iPadOS 16, and macOS Ventura, and available now only in the developer betas, Lockdown Mode hardens the device’s security and deliberately limits functionality that state-sponsored surveillance hackers abuse. Apple describes the protection as “drastically reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”
In recent years, a series of targeted espionage attacks on journalists, activists and others has been exposed. Names such as Pegasus, DevilsTongue, Predator, Hermit and NSO Group have undermined trust in digital devices and exposed the risk posed by semi-private organizations and the threat they represent to civil society. Apple has made no secret of its opposition to such practices, filing a lawsuit against NSO Group in November and vowing to oppose the practice wherever possible.
“Apple’s recently released Lockdown Mode will reduce the attack surface, increase costs for spyware firms, and thus make it much more difficult for repressive governments to hack high-risk users,” said John Scott-Railton, senior researcher at Citizen Lab at the Munk School of Global Affairs and Public Policy at the University of Toronto.
“Congratulations [Apple] for ensuring the protection of human rights defenders, heads of state, lawyers, activists, journalists, etc.” tweeted EFF, the privacy advocacy group.
What does Lockdown Mode do?
Currently, according to Apple, Lockdown Mode provides the following protections:
- Messages: Most message attachment types other than images are blocked. Some features, such as link previews, are disabled.
- Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- Wired connections with a computer or accessory are blocked when the iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot enroll in Mobile Device Management (MDM), while Lockdown Mode is enabled.
Ivan Krstić, Apple’s head of security engineering and architecture, notes that Lockdown Mode can still be applied to devices that are already enrolled in MDM. “Previous MDM enrollment is preserved when you enable Lockdown Mode,” he tweeted.
The company says it intends to expand the protections Lockdown Mode provides over time, and has invested millions in security research to help identify weaknesses and improve the robustness of those protections.
How to enable Lockdown Mode
Enabling Lockdown Mode.
- Lockdown Mode is enabled in Settings on iPhone and iPad and in System Settings on macOS.
- You will find it listed as an option at the bottom of the Privacy & Security page.
- Tap Lockdown Mode and you will be told that it provides “extreme, optional protection that should only be used if you believe you personally may be the target of a very sophisticated cyberattack. Most people never experience this kind of attack.”
- The prompts also warn users that some features will no longer work the way they are used to. Shared albums will be removed from Photos, and invitations will also be blocked.
What is the scale of this threat?
These attacks are not cheap, which means most people are unlikely to be targeted. Apple began sending threat notifications to potential Pegasus victims shortly after the spyware was discovered, and says the number of people targeted by such campaigns is relatively small.
However, the scope is international: as of November 2021, the company had warned people in approximately 150 countries. A BBC report confirmed hundreds of targets and tens of thousands of leaked phone numbers from NSO’s Pegasus alone. The victims include journalists, politicians, civil society defenders, activists and diplomats, so although their number is small, the terrible impact of such surveillance is great.
I believe such technologies will become cheaper and more accessible over time, so it is only a matter of time before they start to spread. After all, the very existence of such attacks – state-sponsored or not – makes the whole world less safe, not safer.
“There is now incontrovertible evidence from research by Citizen Lab and other organizations that the mercenary surveillance industry contributes to the spread of authoritarian practices and massive human rights abuses around the world,” Citizen Lab director Ron Deibert said in a statement. Deibert told CNET he believes Lockdown Mode will deal a “serious blow” to spyware companies and the governments that use their products.
“While the vast majority of users will never fall victim to targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Apple’s Krstić said in a statement. “This includes continuing to develop protections specifically for these users, as well as supporting researchers and organizations around the world who are doing the critical work of exposing the mercenary companies that create these digital attacks.”
No doubt Microsoft and Google will also take steps to provide similar protections for their users. Google and Meta already offer tools to protect the accounts of those at “increased risk of targeted online attacks,” but those tools don’t go as far as Lockdown Mode.
Apple’s investment in security
Apple already invests heavily in security. For example, the company is working with others in the industry to support passwordless authentication, has built IP-masking tools into its platforms, and continues to focus on user privacy.
This fall the company will introduce a Rapid Security Response feature for its devices that will allow security patches to be deployed outside of full OS updates. Apple even invests in improving the security of programming languages, further eroding potential attack surfaces.
The company has now announced further investments in the security community:
- Apple has created a new category under the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000, the highest maximum payout in the industry.
- Apple is also providing a $10 million grant, plus any damages awarded in the lawsuit it is pursuing against NSO Group, to support organizations that investigate, expose and prevent targeted cyberattacks, including those created by private companies that develop state-sponsored mercenary spyware. It is donating this money to the Ford Foundation’s Dignity and Justice Fund.
What will the Dignity and Justice Fund do?
The fund will issue its first grants later this year, initially focusing on initiatives that expose mercenary use of spyware. In the press release announcing the initiative, Apple says these grants will focus on:
- Building organizational capacity and improving on-the-ground coordination of new and existing civil society research and advocacy groups in the field of cybersecurity.
- Supporting the development of standardized forensic methods for detecting and confirming spyware infiltration that meet evidentiary standards.
- Allowing civil society to work more effectively with device manufacturers, software developers, commercial security firms and other relevant companies to identify and address vulnerabilities.
- Raising awareness among investors, journalists and policy makers of the global mercenary spyware industry.
- Enhancing the ability of law enforcement to detect and respond to spyware attacks, including security audits for organizations facing increased threats to their networks.
A global technical advisory committee will advise on the fund’s grantmaking strategy. Initial members include Daniel Bedoya Arroyo, digital security service platform analyst at Access Now; Citizen Lab director Ron Deibert; Paola Mosso, associate director of The Engine Room; Rasha Abdul Rahim, director of Amnesty Tech at Amnesty International; and Krstić from Apple.
Lori McGlinchey, director of the Ford Foundation’s Technology and Society Program, said:
“Global trade in spyware targets human rights defenders, journalists and dissidents; it promotes violence, strengthens authoritarianism, and supports political repression. The Ford Foundation is proud to support this extraordinary initiative to support civil society research and advocacy against paid espionage programs. We must build on Apple’s commitment, and we invite companies and donors to join the Dignity and Justice Foundation and bring additional resources to this collective fight.”
What else can be done?
After the revelations about NSO Group last year, Apple published a set of recommendations to help users reduce such risks. These recommendations don’t come close to the robust protection you can expect from Lockdown Mode, but it makes sense for everyone to follow these practices:
- Update your devices to the latest software version that includes the latest security fixes.
- Protect your devices with a password.
- Use two-factor authentication and a strong password for your Apple ID.
- Install apps from the App Store.
- Use strong and unique passwords online.
- Do not click on links or attachments from unknown senders.
Additionally, Amnesty Tech is collecting signatures to demand an end to this type of targeted surveillance of human rights defenders. I invite readers to add their signature to my own.
Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.
Copyright © 2022 IDG Communications, Inc.
https://www.computerworld.com/article/3666688/apple-slaps-hard-against-mercenary-surveillance-as-a-service-industry.html#tk.rss_all