Apple announces Lockdown Mode to protect against “state-sponsored mercenary spyware”

Apple has announced a new feature for iOS 16, iPadOS, and MacOS Ventura to increase security for those frequently targeted by spyware.

According to Apple, the new setting — dubbed Lockdown Mode — offers an optional level of security for users targeted by the most sophisticated digital threats, including those from the NSO Group such as Pegasus.

“Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” Apple’s head of security engineering and architecture, Ivan Krstić, said.

He added that the company’s commitment includes continuing to bolster defences for users and supporting researchers and organisations working to expose the companies that design the malicious software.

Apple says the feature will be launched with iOS 16 later this year.

Based on previous launches, it will likely be some time in September and will roll out with the following protections:

• Messages: Most message attachments, excluding images, will be blocked. Features like link previews will be disabled.
• Web browsing: Specific web technologies, such as just-in-time (JIT) JavaScript compilation, will be disabled unless the iOS user excludes a trusted website from Lockdown Mode.
• Apple services: Invitations and service requests, such as FaceTime calls, are blocked unless the user has already called the initiator or sent them a request.
• Wired connections to a computer or peripheral accessory will be blocked when the iPhone is locked.
• Lockdown Mode won’t allow the installation of configuration profiles, and the device won’t be able to enrol into mobile device management when the mode is enabled.

While some may argue that this level of protection is overkill, spyware exploits like Pegasus have been used to target journalists, politicians, and human rights activists.

In August 2021, an updated Pegasus spyware exploit, designed and deployed by the NSO Group, was found on a Bahrani activist’s iPhone.

Researchers at Citizen Lab determined that the phone had been infected with the spyware since February 2021.

“Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place,” Krstić said at the time.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”

“While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

Now read: Spotify bug prevents app from loading on Android