This story is part of Focus iPhone 2022CNET’s collection of news, tips and advice on Apple’s most popular product.
Apple will offer a new “lockdown mode” for its iPhones, iPads and Mac computers. It is designed to combat advanced hacking and targeted spyware like NSO Group’s Pegasus.
Why it matters
Although these attacks only happen to a small group of people, the threat is growing. Pegasus has been used by repressive governments to spy on human rights activists, lawyers, politicians and journalists. Apple says it has identified similar attacks on people in 150 countries over the past eight months.
Apple will release lockdown mode for free later this year, with a public commitment to regular updates and improvements. The company has also expanded its bug bounty and set up a grant to encourage further research on the subject.
Apple has marketed its iPhones, iPads, and Macs as the most secure and privacy-focused devices out there for years. On Wednesday, it stepped up those efforts with a new feature rolling out this fall called Lockdown Mode, designed to combat targeted hacking attempts like the Pegasus malwarewhat repressive governments Reportedly used by human rights activists, lawyers, politicians and journalists. Apple also announced a $10 million grant and a bug bounty of up to $2 million to encourage further research into this growing threat.
The tech giant said lockdown mode is designed to enable “extreme” protections for its phones, such as: Examples include blocking attachments and link previews in messages, potentially hackable web browsing technologies, and incoming FaceTime calls from unknown numbers. Apple devices also won’t accept accessory connections unless the device is unlocked, and users won’t be able to install new remote management software on the devices while they’re also in locked mode. The new feature is already available in trial software used by developers this summer and will be released in the autumn as part of free iOS 16, iPad OS 16 and macOS Ventura.
“While the vast majority of users will never fall victim to highly targeted cyberattacks, we will work tirelessly to protect the small number of users that are,” said Ivan Krstic, Apple’s head of security engineering and architecture, in a statement. “Lockdown mode is a game-changing feature that reflects our unwavering commitment to protecting users from even the rarest and most sophisticated attacks.”
Along with the new lockdown regime, which Apple describes as an “extreme” measure, the company announced a $10 million donation to the Dignity and Justice Fund set up by the Ford Foundation to support human rights and address social oppression fight.
The company’s efforts to improve device security come at a time when the tech industry is increasingly facing targeted cyberattacks from oppressive governments around the world. Unlike widespread ransomware or virus campaigns, which are often designed to indiscriminately spread furthest and fastest into homes and corporate networks, attacks like the Pegasus one are designed to stealth information behind the scenes.
Last September, Apple sent out a free software update that turned to Pegasusand then it sues NSO Group in an effort to prevent the company from developing or selling more hacking tools. It also began sending “threat notifications” to potential victims of these hacking tools, which Apple calls “mercenary spyware.” The company said that while the number of people targeted by these campaigns is very small, it has notified people in about 150 countries since November.
Other technology companies have also expanded their approach to security in recent years. Google has developed an initiative called Advanced Account Protection designed for “anyone at increased risk of targeted online attacks” by adding extra layers of security Registrations and downloads. Microsoft has increasingly work on disposing of passwords.
Apple said it plans to extend lockdown mode over time and announced a error premium of up to $2 million for people who find vulnerabilities in the new feature. At the moment, it’s primarily designed to disable computer functions that can be helpful but expose people to potential attacks. These include disabling some fonts, link previews, and incoming FaceTime calls from unknown accounts.
Apple officials said the company was trying to strike a balance between ease of use and extreme protection, adding that the company is publicly committed to strengthening and improving the feature. In the latest iteration of lockdown mode being sent to developers in one go upcoming test software update, apps that display webpages follow the same restrictions as Apple’s apps, although users can pre-approve some websites to bypass lockdown mode if needed. People in lock mode must also unlock their device before it can connect to any accessory.
encouragement for more research
Additionally, Apple hopes a proposed $10 million grant to the Dignity and Justice Fund will help encourage more research on these issues and expand training and security clearances for people who may be affected.
“Every day we see these threats widening and deepening,” said Lori McGlinchey, director of the Ford Foundation’s Technology and Society program, which works with technical advisors like Apple’s Krstić to lead the fund. “In recent years, state and non-state actors have used spyware to track down and intimidate human rights defenders, environmental activists and political dissidents in virtually every region of the world.”
Ron Deibert, professor of political science and director of the Citizen Lab’s cybersecurity researchers at the Munk School of Global Affairs and Public Policy at the University of Toronto, said he expects Apple’s lockdown mode to deal a “major blow” to spyware companies and the Governments that rely on their products.”
“We’re doing everything we can along with a bunch of investigative journalists working on this beat, but that’s it, and that’s a huge asymmetry,” he said, adding that Apple’s $10 million grant will help attract more work to this problem. “They have a huge industry that’s very lucrative and almost completely unregulated, benefiting from huge contracts from governments that feel like engaging in this type of espionage.”