Why Apple’s Lockdown Mode Is One of the Coolest Security Ideas Ever


Mercenary spyware is one of the most difficult threats to combat. It targets an infinitesimally small percentage of the world, which makes it statistically unlikely for most of us to see it. And yet, because sophisticated malware selects only the most influential people (like diplomats, political dissidents, and lawyers), it has a devastating effect far out of proportion to the small number of people infected.

This puts device and software makers in a bind. How do you build something to protect what is probably well under 1% of your user base from malware created by companies like NSO Group, whose zero-click exploits instantly turn fully updated iOS and Android devices into sophisticated listening devices?

No safety snake oil here

On Wednesday, Apple previewed an ingenious feature it plans to add to its flagship operating systems in the coming months to counter the threat of mercenary spyware. The company is upfront – almost in your face – that Lockdown Mode is an option that will degrade the user experience and is only intended for a small number of users.

“Lockdown Mode provides an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other companies developing state-sponsored mercenary spyware,” the company said. “Enabling Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further bolsters device defenses and severely limits certain features, greatly reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.”

As Apple says, Lockdown Mode disables all kinds of protocols and services that normally just work. Just-in-time (JIT) JavaScript, an optimization that speeds up performance by compiling code on the device at runtime, won’t work at all. This is likely a defense against JIT spraying, a common technique used in exploitation. In Lockdown Mode, devices also cannot enroll in so-called mobile device management, which organizations use to install their own software and configuration.

The full list of restrictions is as follows:

  • Messages: Most types of message attachments other than pictures are blocked. Some features, such as link previews, are disabled.
  • Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple Services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not already sent a call or request to the initiator.
  • Wired connections to a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) when Lockdown Mode is enabled.

It helps that Apple is upfront about the extra friction Lockdown Mode adds to the user experience, as it underlines what any security professional or hobbyist knows: security always comes at a trade-off with usability. It’s also encouraging to learn that Apple plans to let users authorize trusted sites to serve JIT JavaScript in Lockdown Mode. Fingers crossed that Apple adds a similar allow list of trusted contacts.

Lockdown Mode is a big deal for many reasons, not the least of which is that it comes from Apple, a company that’s hypersensitive to customer perception. Officially acknowledging that its customers are vulnerable to the scourge of mercenary spyware is a big step.

But the move is great because of its simplicity and concreteness. No safety snake oil here. If you want better security, learn to do without the services that pose the greatest threat. John Scott-Railton, a Citizen Lab researcher who knows a bit about advising victims of NSO spyware, said Lockdown Mode provides one of the first effective courses of action for vulnerable people to take without completely shutting down their devices.

“When you inform users that they have been targeted by sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?’” he wrote. “We haven’t had a lot of good, honest answers that really have an impact. Strengthening a mainstream handset is really out of reach.”

Now that Apple has opened the door, it’s inevitable that Google will follow suit with its Android operating system, and it wouldn’t be surprising if other companies are also lining up. It could also start a useful discussion in the industry about broadening the approach. If Apple allows users to opt out of unsolicited messages from unknown people, why can’t it provide an option to disable the built-in microphone, camera, GPS, or cellular capabilities?

One thing everyone should know about Lockdown Mode, at least as described by Apple on Wednesday, is that it doesn’t prevent your device from connecting to cellular networks and broadcasting unique identifiers like the IMEI and ICCID. This is not a criticism, just a natural limitation. And compromises are at the heart of security.

So if you’re like most people, you’ll never need Lockdown Mode. But it’s great that Apple offers it, because it will make us all safer.
