
Mercenary spyware is one of the hardest threats to combat. It targets an extremely small percentage of the world's population, which makes it statistically improbable that most of us will ever see it. Yet its impact is devastating out of all proportion to the small number of people infected, because this advanced malware is aimed only at the most influential people (think diplomats, political dissidents, and lawyers).
That puts device and software makers in a difficult position. How do you build protection for what is probably well under 1 percent of your user base against malware from companies like NSO Group, whose zero-click exploits instantly turn fully updated iOS and Android devices into sophisticated listening devices?
No security snake oil here
On Wednesday, Apple previewed a novel option it plans to add to its flagship operating systems in the coming months to counter the mercenary spyware threat. The company is upfront, almost in-your-face, that Lockdown Mode is an option that will degrade the user experience and is meant only for a small number of users.
“Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware,” the company said. “Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”
As Apple describes it, Lockdown Mode disables all kinds of protocols and services that normally run. Just-in-time JavaScript (an optimization that speeds performance by compiling code on the device at runtime) won't run at all. That is most likely a defense against JIT spraying, a common technique in exploitation: because the JIT writes attacker-influenced constants into executable memory, an exploit that gains control of the instruction pointer can land in those bytes. Devices in Lockdown Mode also can't be enrolled in mobile device management, which is used to install enterprise-specific custom software.
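To make the JIT-spraying point concrete, here is an added illustration that is not from the original article and is not Apple's or WebKit's code. It emulates a deliberately naive x86 JIT that compiles a chain of XOR operations into one `xor eax, imm32` instruction per constant, then disassembles the resulting bytes twice: aligned, as the engine intended, and one byte in, as an attacker who controls the instruction pointer would enter them. The opcode table, the `jit_emit_xor_chain` emulation, the `spray_constants` packing scheme and the payload (a NOP sled ending in `int3`, standing in for real shellcode) are all constructed for the demo; real engines emit more code around such chains, but the reason disabling the JIT removes a useful primitive is visible here.

```python
import struct

# Tiny x86 opcode table covering only the bytes this demo emits.
# (Real encodings, but a deliberately minimal subset.)
OPCODES = {
    0x90: ("nop", 0),
    0xCC: ("int3", 0),
    0x3C: ("cmp al,", 1),      # cmp al, imm8
    0x35: ("xor eax,", 4),     # xor eax, imm32
}


def jit_emit_xor_chain(constants):
    """Emulate a naive x86 JIT compiling `x ^ c1 ^ c2 ^ ...` into one
    `xor eax, imm32` (0x35 followed by the little-endian immediate) per
    constant.  This is an assumption for the demo: real engines emit more
    code around the chain, but they still place the immediates in
    executable memory, which is what JIT spraying relies on."""
    return b"".join(bytes([0x35]) + struct.pack("<I", c) for c in constants)


def spray_constants(payload):
    """Pack attacker bytes into JIT constants: three payload bytes per
    imm32, with 0x3C as the high byte.  Read from offset 1, that 0x3C
    becomes `cmp al, imm8`, whose imm8 swallows the next instruction's
    0x35 opcode so execution stays inside the attacker-chosen bytes."""
    assert len(payload) % 3 == 0, "payload must be a multiple of 3 bytes"
    return [
        int.from_bytes(payload[i:i + 3] + b"\x3c", "little")
        for i in range(0, len(payload), 3)
    ]


def disassemble(code, offset=0):
    """Decode `code` starting at `offset` with the tiny table above.
    Returns a list of mnemonic strings; unknown bytes become `db`."""
    out, i = [], offset
    while i < len(code):
        op = code[i]
        if op not in OPCODES:
            out.append(f"db 0x{op:02x}")
            i += 1
            continue
        mnemonic, imm_len = OPCODES[op]
        imm = code[i + 1:i + 1 + imm_len]
        if len(imm) < imm_len:
            out.append(f"<truncated {mnemonic.rstrip(',')}>")
            break
        if imm_len == 0:
            out.append(mnemonic)
        else:
            val = int.from_bytes(imm, "little")
            out.append(f"{mnemonic} 0x{val:0{2 * imm_len}x}")
        i += 1 + imm_len
    return out


# Constructed stand-in for shellcode: a short NOP sled ending in int3.
PAYLOAD = b"\x90\x90\x90\x90\x90\xcc"


def demo():
    """Run the whole chain and return both decodings for inspection."""
    constants = spray_constants(PAYLOAD)
    code = jit_emit_xor_chain(constants)
    return {
        "constants": [f"0x{c:08x}" for c in constants],
        "aligned": disassemble(code, 0),      # what the JIT meant
        "misaligned": disassemble(code, 1),   # what an attacker jumps to
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Aligned, the block is two harmless `xor eax, imm32` instructions; entered one byte later, the same memory reads as `nop nop nop cmp al, 0x35 nop nop int3`, i.e. the attacker's bytes, with each `cmp al` consuming the opcode the JIT inserted. Modern engines mitigate this with constant blinding and non-writable JIT regions, but refusing to JIT at all, as Lockdown Mode does, removes the primitive outright.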
The full list of restrictions:
- Messages: Most message attachment types other than images are blocked. Some features, such as link previews, are disabled.
- Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- Wired connections with a computer or accessory are blocked when the iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot enroll in mobile device management (MDM) while Lockdown Mode is on.
It's helpful that Apple is upfront about the extra friction Lockdown Mode adds to the user experience, because it underscores what every security professional or hobbyist knows: security always involves a tradeoff with usability. It's also encouraging to hear of Apple's plan to let users allowlist sites that may serve JIT JavaScript while in Lockdown Mode. Apple could add similar allowlists for trusted contacts.
Lockdown Mode is a big deal for many reasons, not least because it comes from Apple, a company that is notoriously sensitive to customer perception. Officially acknowledging that its customers are vulnerable to the mercenary spyware scourge is a big step forward.
But the move is also big because of its simplicity and concreteness. No security snake oil here. If you want better security, learn to do without the services that pose the biggest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling victims of NSO spyware, said Lockdown Mode provides one of the first effective courses of action that vulnerable people can take short of turning off their devices entirely.
“When you notify users that they are being targeted with sophisticated threats, the inevitable question is, ‘How can I make my phone more secure?’” he wrote. “We didn't get a lot of great, honest answers that really made an impact. Hardening a consumer handset is really out of reach.”
3/ There's a common mental barrier among major platforms and OS developers when it comes to deploying high-security features.
Lots of inevitable thinking, such as:
– Worse user experience (especially vs. the competition!)
– Broken features
– More customer support resources needed, etc.
— John Scott-Railton (@jsrailton) July 6, 2022
Now that Apple has opened the door, it's inevitable that Google will do something similar with its Android operating system, and it wouldn't be surprising if other companies followed suit. It may also start a useful industry discussion about broadening the approach. If Apple is going to let users block spam from unknown contacts, why not offer the option to disable the built-in microphone, camera, GPS, or cellular capabilities?
One thing everyone should know about Lockdown Mode is that it doesn't stop the device from connecting to cellular networks and broadcasting unique identifiers such as the IMEI and ICCID, at least based on what Apple announced Wednesday. That isn't a criticism, just a natural limitation. And tradeoffs are an essential part of security.
So if you're like most people, you'll never need Lockdown Mode. But it's great that Apple is offering it, because it will make us all safer.