Apple devices to get ‘Lockdown Mode’ with extra defences against spyware

'Lockdown Mode' will be introduced later this year in updated versions of iOS and MacOS. Apple believes it could be particularly useful for human rights advocates, political dissidents and other targets of sophisticated hacking attacks.

“Apple makes the most secure mobile devices on the market. Lockdown Mode is a ground-breaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of security engineering and architecture.

“While the vast majority of users will never be the victims of highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defences specifically for these users, as well as supporting researchers and organisations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

Turning on Lockdown Mode in iOS 16, iPadOS 16 and macOS Ventura will further harden a device's defences and strictly limit certain functionalities, in an effort to reduce the “attack surface” that could be exploited by spyware.

When the mode has been turned on, most message attachment types other than images will be blocked, alongside some advanced features like linkintr previews.

Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, will also be disabled unless the user excludes a trusted site from Lockdown Mode.

Incoming invitations and service requests, including FaceTime calls, will be blocked if the user has not previously sent the initiator a call or request.

Wired connections with a computer or accessory will be blocked when the iPhone is locked and configuration profiles cannot be installed.

Apple said it plans to further strengthen the mode over time, adding new protections to it. Apple has also established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000.

“The global spyware trade targets human rights defenders, journalists and dissidents; it facilitates violence, reinforces authoritarianism and supports political repression,” said Lori McGlinchey, the Ford Foundation’s director of its Technology and Society program.

“The Ford Foundation is proud to support this extraordinary initiative to bolster civil society research and advocacy to resist mercenary spyware.”

John Davis, director with the SANS Institute, said: “Contrary to popular belief, mobile malware less often relies on zero-day vulnerabilities, but more commonly leverages known, reported security loopholes, hoping to target unpatched systems or applications, to infiltrate and wreak havoc on mobile devices.

“Mobile users need to be wary of suspicious SMS/iMessage notes, or mechanisms around “overlay” applications. These are designed to look like legitimate applications, but instead contain trojans developed to steal user data to send to malicious third parties.”

“Apple’s Lockdown Mode could go a long way towards preventing spyware cyber attacks for its customers, but ultimately end users should remember best practices they learned on other digital platforms and keep up good habits when accessing, storing, and utilising sensitive information on mobile devices.

“If there are red flags, don’t ignore them – valuable information flows on phones every day, so if cyber criminals can access this, then it can potentially spell disaster for individuals or companies.”

Apple suffered a rough end to 2021, as the chip shortage cost it $6bn in lost sales during the company’s fiscal fourth quarter, falling short of Wall Street expectations.