Lockdown mode: Apple closes the bulkheads for those at risk of espionage

A new mode coming to iPhone, iPad and Mac is designed to ward off cyber threats through proactive measures. But that reduces the user experience.

 Lockdown mode: Apple closes the bulkheads for those at risk of espionage

Apple wants after several espionage affairs , in which journalists, civil rights activists and even high-profile politicians, among others, were bugged via the manufacturer’s devices.

Off to lockdown

With the next operating system versions for iPhone (iOS 16), iPad (iPadOS 16) and Mac (macOS 13 Ventura) there should be a new mode that seals the devices from the outside if you perceive yourself as a particularly vulnerable person. This is intended to make it less easy to exploit possible yet unknown security gaps in the operating systems, so-called zero days.

Apple currently specifies five different areas that should be better sealed when “Lockdown Mode” is active. But more can be added here, the new operating systems will appear in autumn. The messages app (iMessage) can no longer display “most types of message attachments” in lockdown – except for pictures. In addition, features such as the link preview will be disabled. This should help that gaps via attachments cannot be exploited so easily – Apple can control pure image format better.

Safari without JIT

In the Safari browser, which is the engine on iPhone and iPad WebKit is also inevitably included in every alternative web surfboard (e.g. Chrome and Firefox), “certain complex web technologies such as just-in-time JavaScript compilation (JIT)” should no longer run. This should reduce attack surfaces. However, there will be a whitelisting for trusted sites.

In the case of Apple services, “incoming invitations and service requests” from third parties with whom there has not yet been any communication should no longer be let through – this is apparently intended to make possible gaps in FaceTime unexploitable. Communication with another party is only allowed if a connection has already been established by the user. It is still unclear which apps this affects.

USB interface sealed

Apple wants to ward off dangers from physical connections via a USB-to-Lightning cable with a standard blockade in lockdown mode. Computers and accessories are no longer allowed to connect to the iPhone when it is “locked”. (The latter is somewhat confusing, however, because these actually have to be released now – details are likely to follow here as well.)

Apple has also defused Mobile Device Management (MDM), which is increasingly being abused as a gateway, in lockdown mode: No configuration profiles may then be installed and an MDM login is prohibited in the lockdown. All in all, these are certainly sensible measures that Apple advises people “who are at risk from targeted cyber attacks by private companies with state-sponsored spy software”. But they also make using the device more uncomfortable.

Money for non-profit, high bug bounty

In addition to the lockdown mode, which Apple describes as an “extreme[n], optional[ n] Protection for the very small number of users who are exposed to serious, targeted threats to their digital security”, the group also wants to invest more money in security research – and donate money.

10 million US dollars are to go to non-profit organizations – in addition to possible compensation payments from a lawsuit against the spyware company NSO Group. According to Apple, the first donation will go to the “Dignity and Justice Fund” set up by the Ford Foundation. The private foundation is committed to “promoting justice in the world,” according to Apple. In addition, a new bug bounty under Apple’s program of the same name is only available for attacks on lockdown mode: The sum is 2 million dollars, according to Apple “the highest bounty payout in the industry”.


Rate article
Leave a Reply