Apple has said that it plans to release a new feature called ‘Lockdown Mode’ later this year that aims to add a new layer of protection for human rights advocates, political dissidents, journalists, and other targets of sophisticated hacking attacks by combating mercenary spyware.
Apple’s move comes after two Israeli firms exposed the flaws in Apple’s software to remotely break into iPhones without the target having to tap or click anything. The NSO Group, maker of the Pegasus software that can carry out such attacks, has been sued by Apple and placed on a trade blacklist by US officials.
Lockdown Mode is a separate operating system mode. To turn it on, users should enable the feature in the Settings menu and then are prompted to restart their device for all of the protections and digital defenses to completely take effect. The feature imposes certain limitations on the vulnerable parts of the OS. Lockdown Mode can comprehensively address threats from web browsing, for example, by blocking the speed and efficiency features that Safari (and WebKit) use to render webpages. Users can specifically mark a certain webpage as trusted so it loads normally, but by default, Lockdown Mode imposes a host of restrictions that extend anywhere WebKit is working behind the scenes. In other words, when you load web content in a third-party app or an iOS app like Mail, the same Lockdown Mode protections will apply.
Lockdown Mode also strengthens other protections. For example, when a device is locked, it won’t receive connections from anything physically plugged into it. And, specifically, a device that isn’t already registered with one of Apple’s enterprise Mobile Device Management (MDM) programs can’t be added to one of these schemes once your device is in Lockdown Mode. This means that if your company gives you a phone enrolled in the corporate MDM, it will remain active even if you enable Lockdown Mode. But if your phone is just a regular consumer device and you put it in Lockdown mode, you won’t be able to activate MDM. This is important because attackers will trick victims into enabling MDM as a way of gaining the ability to install malicious apps on their devices.
Apple representatives said that they believe sophisticated attacks the new feature is designed to fight — called “zero-click” hacking techniques — are still relatively rare and therefore most users will not need to activate the Lockdown mode. The new feature will be launched in Apple’s iPhones, iPads, and MacBooks this fall and when turned on, it will block most attachments that are sent to the iPhone’s Messages App.
To help strengthen the new feature, Apple has said that it will pay up to $2 million for each flaw that security researchers can find in the new mode, which Apple representatives said was the highest such “bug bounty” offered in the industry.
- Apple has Unveiled an Open-Source LLM Model - July 31, 2024
- Anthropic Has Released Claude 3.5 Sonnet to Rival GPT-4o and More - July 1, 2024
- China’s Text-to-Video AI Tool Emerges as a Competitor to Sora - June 24, 2024