Apple has announced an expansion to its security arsenal with a new feature called Lockdown Mode, which will be introduced officially this fall with iOS 16, iPadOS 16 and macOS Ventura.
This optional feature will be of particular interest for individuals who might be at higher risk than the average user of a cybersecurity attack.
SEE: Mobile device security policy (TechRepublic Premium)
What exactly is the Lockdown Mode feature?
Lockdown Mode will provide an extreme, optional level of security for users who activate it. It will harden device defenses and strictly limit certain functionalities in order to strongly decrease the attack surface of the device and increase its protection against mercenary spyware (Figure A).
Two different kinds of attackers can be stopped with Lockdown Mode: Real spyware providers and hackers-for-hire. The latter tend to use less advanced techniques to try to compromise Apple’s devices but still represent a threat, while the professional companies active in the cybersurveillance business have more skills and capabilities for advanced attacks.
Once launched, the Lockdown mode will restrict devices in the following categories:
Most message attachment types other than images will be blocked. Link previews, amongst other features, will also be disabled. The idea here is to avoid having the user unsuspectingly open a file that could infect the device with malware.
Incoming invitations and services requests will be blocked if the user has not previously sent a call or request to the initiator. This way, the user can not be targeted via an unknown source of call or request.
Wired connections with a computer or accessory will be blocked when the iPhone is locked. This will prevent physical exploits that an attacker could use to attempt to take control of the device via network or device communication capabilities.
Configuration profiles will not be installed, and the device will not be able to enroll into mobile device management while Lockdown is turned on.
Apple also mentions they will continue adding new protections to the Lockdown Mode over time. A new Apple Security Bounty program has also been launched for the security research community to reward people who would find ways to bypass the Lockdown Mode and help improve its protections, up to a maximum of $2 million.
“Apple makes the most secure mobile devices on the market,” said Ivan Krstić, Apple’s head of security engineering and architecture. “Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks.”
Who should use Lockdown mode?
According to Apple, the feature has really been developed with the idea of protecting “the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from the NSO Group and other private companies developing state-sponsored mercenary spyware.”
Over the last two years, reports around the business of spyware and the companies behind it have increased greatly. The business of cybersurveillance or surveillance-for-hire, a polite way to refer to spying, is now extremely monitored and tracked by some of the major companies on the Internet like Meta and Google.
Helping research organizations
In addition to the announced release of Lockdown Mode, Apple also announced a $10 million USD grant to “support organizations that investigate, expose and prevent highly targeted cyberattacks.”
The grant will be made to the Dignity and Justice Fund, established and advised by the Ford Foundation — a private foundation dedicated to advancing equity worldwide — and designed to pool philanthropic resources to advance social justice globally. The Dignity and Justice Fund is a fiscally sponsored project of the New Venture Fund, a 501(c)(3) public charity.
Disclosure: I work for Trend Micro, but the views expressed in this article are mine.