Why Apple’s lockdown mode is one of the coolest security ideas


Written by admin




Spyware for hire is one of the hardest threats to combat. It targets an infinitesimally small percentage of the world's population, making it statistically unlikely that most of us will ever encounter it. And yet, because this sophisticated malware targets only the most powerful people (diplomats, political dissidents, and lawyers, for example), its destructive effect is far out of proportion to the small number of people infected.

This puts device and software manufacturers in a bind. How do you build something to protect what is probably well below 1 percent of your user base from malware created by companies like NSO Group, creator of proximity exploits that instantly turn fully updated iOS and Android devices into sophisticated listening devices?

There’s no security snake oil here

On Wednesday, Apple unveiled a novel option that it plans to add to its flagship operating systems in the coming months to counter the mercenary spyware menace. The company is explicit, almost in-your-face, that Lockdown Mode is an option that will degrade the user experience and is intended for only a small number of users.

“Lockdown mode offers an extreme extra layer of security for the very few users who, because of who they are or what they do, can be personally targeted by some of the most sophisticated digital threats, such as those from the NSO Group and other private companies developing sponsored government mercenary spyware,” the company said in a statement. “Enabling Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further enhances device security and severely restricts certain features, drastically reducing the attack surface that can potentially be exploited by highly targeted spyware for hire.”

As Apple states, Lockdown Mode disables all kinds of protocols and services that normally run. Just-in-time JavaScript — an innovation that improves performance by compiling code on the device at runtime — won’t work at all. This is likely a defense against JIT spraying, a common exploitation technique used by malware. In Lockdown Mode, devices also cannot enroll in what’s known as mobile device management, which is used to install company-specific software.

Full list of restrictions:

  • Messages: Most message attachment types other than images are blocked. Some features, such as link previews, are disabled.
  • Web Browsing: Some complex web technologies, such as JavaScript JIT compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple Services: Incoming invitations and service requests, including FaceTime calls, are blocked unless the user has previously sent a call or request to the initiator.
  • Wired connections to a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) while lockdown mode is enabled.

It’s helpful that Apple is explicit about the extra friction that Lockdown Mode adds to the user experience, because it highlights what every security professional or hobbyist knows: security always involves a trade-off with usability. It’s also encouraging to hear that Apple plans to allow users to whitelist sites that are allowed to use JIT JavaScript in Lockdown Mode. Fingers crossed that Apple will include a similar list of trusted contacts.

Lockdown Mode is significant for many reasons, not the least of which is that it comes from Apple, a company that is very sensitive to customer perceptions. Officially admitting that its customers are vulnerable to mercenary spyware is a big step.

But the move is great because of its simplicity and concreteness. There is no security snake oil here. If you want to improve your security, learn how to avoid the services that pose the greatest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling NSO spyware victims, said Lockdown Mode is one of the first effective courses of action for vulnerable individuals to follow short of shutting down their devices completely.

“When you notify users that they have been exposed to sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?’” he wrote. “We didn’t have many great, honest answers that really made an impact. Strengthening the consumer phone is really unattainable.”

Now that Apple has opened the door, it’s inevitable that Google will follow suit with its Android OS, and it would be no surprise if other companies did the same. It could also be the start of a useful discussion within the industry about expanding the approach. If Apple will allow users to turn off unwanted messages from unknown people, why can’t it provide an option to turn off the built-in microphone, camera, GPS, or cellular capabilities?

One thing everyone should know about Lockdown Mode, at least as described by Apple on Wednesday, is that it doesn’t prevent your device from connecting to cellular networks and broadcasting unique identifiers like IMEI and ICCID. This is not a criticism, just a natural limitation. And compromises are a major part of security.

So, if you’re like most people, you’ll never need lockdown mode. But it’s great that Apple will offer it, because it will make us all safer.
