Apple filed a lawsuit against ‘Pegasus’ spyware creator NSO Group last fall and announced it would be donating $10 million+ to organizations pursuing cyber-surveillance research and advocacy. Now taking the next step in combatting sophisticated spyware, Apple has announced a brand new “extreme” security feature called iPhone Lockdown Mode – coming to iPad and Mac as well – to help protect against targeted cyber attacks.
Apple detailed the brand-new iPhone Lockdown Mode that will be available to test in updated iOS 16, iPadOS 16, and macOS Ventura betas, along with its $10 million+ grant for cybersecurity in a Newsroom post today.
iPhone Lockdown Mode coming in iOS 16
Apple says that the opt-in iPhone Lockdown Mode is the first feature of its kind and will provide an extreme level of security. It truly isn’t meant for the average person. It’s made for the very, very small percentage of users who might be specifically targeted by highly sophisticated threats such as nation-state-sponsored mercenary spyware, like the Pegasus attack.
With Lockdown Mode enabled on iPhone, iPad, or Mac, device functionality is limited to greatly reduce the “attack surface” of potential exploits and harden defenses.
Here’s how Apple describes the safety measures Lockdown Mode will take when it launches this fall:
- Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
- Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- FaceTime: Incoming FaceTime calls from people you have not previously called are blocked.
- Shared Albums: Shared albums will be removed from the Photos app, and new Shared albums invitations will be blocked.
- Wired connections with a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
How to turn on iPhone Lockdown Mode
Note: iPhone Lockdown Mode will be available to test in an upcoming beta. Check out our full guide on installing the iOS 16 beta.
- Open the Settings app in iOS 16 or System Settings on macOS Ventura
- Choose Privacy & Security
- At the bottom, tap Lockdown Mode
- Now you can choose Learn More or Turn On Lockdown Mode
- Tap Turn On & Restart
- Presumably, head back to the same place to turn off Lockdown Mode
Lockdown Mode will be available to test in upcoming iOS 16, iPadOS 16, and macOS Ventura betas with the official launch coming in the fall. Apple says it plans to increase the strength of Lockdown Mode over time as well as add new protections.
iPhone Lockdown Mode security bounties
Apple is looking for collaboration and feedback from researchers and others in the security community. To help with that goal, the company has created a new category in the Apple Security Bounty Program to reward those who find Lockdown Mode bypasses and help strengthen the feature.
Notably, bounties will be doubled for qualified Lockdown Mode discoveries, up to a maximum of $2,000,000 — which Apple says is the highest maximum bounty payout in the industry.
Funding cybersecurity work
After first announcing last fall its lawsuit against NSO Group and a commitment of $10 million plus damages to support spyware research and activism, Apple has shared that the Dignity and Justice Fund has been chosen as the recipient.
The Dignity and Justice Fund is a 501(c)(3) public charity created and advised by the Ford Foundation and designed to pool philanthropic resources to advance social justice globally.
“The global spyware trade targets human rights defenders, journalists, and dissidents; it facilitates violence, reinforces authoritarianism, and supports political repression,” said Lori McGlinchey, the Ford Foundation’s director of its Technology and Society program. “The Ford Foundation is proud to support this extraordinary initiative to bolster civil society research and advocacy to resist mercenary spyware. We must build on Apple’s commitment, and we invite companies and donors to join the Dignity and Justice Fund and bring additional resources to this collective fight.”
The non-profit will use the money for:
- Building organizational capacity and increasing field coordination of new and existing civil society cybersecurity research and advocacy groups.
- Supporting the development of standardized forensic methods to detect and confirm spyware infiltration that meet evidentiary standards.
- Enabling civil society to more effectively partner with device manufacturers, software developers, commercial security firms, and other relevant companies to identify and address vulnerabilities.
- Increasing awareness among investors, journalists, and policymakers about the global mercenary spyware industry.
- Building the capacity of human rights defenders to identify and respond to spyware attacks, including security audits for organizations that face heightened threats to their networks.
Read more about iPhone Lockdown Mode and the rest of today’s announcements in Apple’s Newsroom post.
Author: Michael Potuck
Source: 9TO5Google