hacking

Key Points:

What’s the matter?

Apple is working on a new “Lockdown Mode” feature for its iPhones, iPads, and Desktops. NSO Group’s Pegasus-level hacking is what it’s meant to combat.

What’s at stake

Even though these attacks only affect a small subset of the population, the danger is rising. Human rights advocates, attorneys, politicians, and journalists throughout the world were targeted by Pegasus. During the previous eight months, Apple claims to have discovered similar assaults on users in 150 different countries worldwide.

What’s next?

In the following months, Lockdown Mode will be released for free by Apple, and the company has promised ongoing upgrades and enhancements. It has also increased its bug bounty program and launched a fund to promote deeper study into this problem.

Regarding mobile devices, Apple has long positioned its products as the safest and privacy-focused on the market. Lockdown Mode, a new feature available in the autumn, was announced last week to combat targeted hacking efforts like the Pegasus malware, which certain countries purportedly deployed against human rights activists, attorneys, politicians, and journalists throughout the world. Additionally, Apple offers grants of up to $10 million and a $2 million bug bounty to promote deeper study into this rising threat.

“Extreme” precautions, including preventing attachments and link previews in messages, potentially hackable web surfing technology, and incoming FaceTime calls from unknown numbers, are what Lockdown Mode is supposed to achieve, according to the tech giant. Lockdown Mode prevents new remote management software from being installed on Apple devices and prevents accessory connections until the device is unlocked. iOS 16, iPadOS 16, and MacOS Ventura all include a new feature already being tested by developers this summer and will be distributed to the general public in the fall.

Apple’s Lockdown mode for iPhones can be used in the following ways:

“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstić, Apple’s head of security engineering and architecture, in a statement. “Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks.”

Apple also announced a $10 million gift to the Ford Foundation’s Dignity and Justice Fund, which supports human rights and combats social repression in conjunction with the new Lockdown Mode.

Authoritarian regimes around the world have increased their targeted cyberattacks in recent years. Pegasus assaults, unlike broad ransomware or virus operations, are aimed at silent intelligence collection rather than indiscriminately spreading through residential and business networks.

A free software update addressed Pegasus in September, and then Apple sued NSO Group to prevent the corporation from creating and selling other hacking tools… Apple has also started issuing “Threat Notifications” to prospective victims of these “mercenary spyware” technologies. Since November, it has sent notices to people in around 150 different countries, even though the number of persons targeted by these efforts is tiny.

In recent years, other digital businesses have also taken a more proactive approach to security. In recent months, Microsoft has been working hard to eliminate passwords. By adding additional security layers to logins and downloads, Advanced Account Protection, a Google program, aims to help “anyone at an elevated risk of targeted online assaults” stay secure.

Apple has promised a big prize of up to $2 million for anybody who discovers a security flaw in Lockdown Mode. To begin with, it’s intended to disable computer functionality that may be useful but expose users to possible threats. This includes disabling font previews, link previews, and FaceTime calls from unknown numbers.

According to Apple officials, the business was trying to strike a compromise between usability and rigorous security measures. Applications that show webpages will follow the same limitations as Apple’s apps in the most current Lockdown Mode iteration that is being distributed to developers in a future test software update; however, individuals can preapprove specific websites to avoid Lockdown Mode if necessary. Devices in Lockdown Mode can’t communicate with accessories unless they are unlocked first.

Research Encouragement

In addition, Apple expects that a planned $10 million investment in the Dignity and Justice Fund would stimulate further study into these concerns and extend training and security checks for persons who could be targeted.

“Every day, we see these threts broadening and deepening,” said Lori McGlinchey, director of the Ford Foundation’s Technology and Society program, who is working with technical advisers, including Apple’s Krstić, to help direct the fund. “In recent years, state and non-state actors have used spyware to track and intimidate human rights defenders, environmental activists and political dissidents in virtually every region of the world.”

He believes Apple’s new Lockdown Mode will be a “huge blow” to spyware businesses and governments who rely on their goods since he is a political scientist and director of Citizen Lab cybersecurity researchers at the Munk School of Global Affairs and Public Policy at the University of Toronto.

“We’re doing all we can, alongside several investigative journalists working this beat, but that’s been it, and that’s a huge asymmetry,” he said, adding that Apple’s $10 million grant will help attract more work toward this issue. “You have an enormous industry that’s very lucrative and almost entirely unregulated, profiting from huge contracts from governments that have an appetite to engage in this type of espionage.”

As originally reported in CNET. https://www.cnet.com/tech/mobile/apples-new-lockdown-mode-for-iphone-fights-hacking-spyware/