Business

Apple’s Lockdown Mode targets NSO Pegasus spyware


The spyware, called Pegasus, is complex. In short, it operates by taking advantage of zero-day, zero-click exploits on iPhones and Android phones. Zero-day exploits are exploits that are not known to the phone makers yet, and which often can be installed remotely on a target’s phone via a simple text message or other sent link, no user interaction required (thus, “zero-click”). Once Pegasus is installed, virtually everything a target does on the phone can be accessed and monitored by the NSO customer targeting the user.

NSO’s Pegasus spyware has been called a threat to democracy. Its use in targeting journalists and human rights activists is one of the reasons Apple has filed a lawsuit against the company, seeking to ban it from using Apple’s products and services. That would make it much harder for NSO to find zero-day exploits on Apple devices.

But Apple isn’t only counting on the courts in its battle against NSO Group, Pegasus, and spyware makers everywhere. The company has announced that it will soon launch a new feature on its iPhones, iPads, and Macs called “Lockdown Mode.”

Shipping this fall as part of iOS 16, iPadOS 16, and macOS Ventura, the feature is what Apple calls an “extreme” solution for those who may be targeted by Pegasus and other highly advanced spyware. You can see why Apple considers Lockdown Mode extreme: when users activate it, many of the features of their iPhone will become inoperable.

Here’s how it works: If users believe they may be at risk of, or are notified that they are victims of a spyware attack (something Apple has been doing since November 2021), they can quickly enable Lockdown Mode, which is located in the Privacy & Security section of the Settings app. Once users select Lockdown Mode, their iPhone, iPad, or Mac will restart and the following features will be unavailable:

  • All message attachments in the Messages app—except for photos—from all senders
  • FaceTime calls from people you have not FaceTimed before
  • Various web browsing technologies are blocked, including advanced technologies such as just-in-time (JIT) JavaScript compilation
  • Shared photo albums and new Shared Albums requests in the Photos app
  • Wired connections from an iPhone to another device (via a USB cable), if the iPhone is locked
  • Invitations in Apple Services from people you have not interacted with before
  • Configuration profiles, such as those used by VPNs or school networks

What these blocked features have in common is they are frequently the vectors by which zero-day, zero-click exploits are delivered.

Thankfully, most Apple users will never have to worry about Lockdown Mode: Most people are unlikely to be targeted by highly complex spyware, such as Pegasus. However, for those who are at risk, Lockdown Mode should a huge boon, as it quickly locks down all the currently known spyware entry paths to an iPhone.

[Photo: Apple]

Trouble ahead

In the coming years, global military or mercenary-grade spyware use is only expected to increase, potentially threatening the safety, or very lives, of thousands of journalists and human rights activists. Apple says it’s already detected the use of spyware against its users from 151 countries around the world. However, the company would not disclose just how many users have been targeted, citing its ongoing litigation against the NSO Group.

On the positive side, Apple says that Lockdown Mode in its current form would have successfully thwarted all attempted Pegasus spyware attacks in the past, based on all currently known exploit vectors. Yet Apple does acknowledge that the fight against spyware is a cat-and-mouse game. That’s why Lockdown Mode is expandable: As new exploits are detected in the future, Apple will adapt the feature to fight them.

Lockdown Mode is available in the current developer betas of iOS 16, iPadOS 16, and MacOS Ventura and will ship to all users with the public release of those operating systems this fall. Announcing the feature, Apple’s head of security engineering and architecture, Ivan Krstić, said, “Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks. While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are.”





Source link

Leave a Reply

Your email address will not be published.