Mercenary spyware is one of the most difficult threats to combat. It targets an infinitesimally small percentage of the world, which makes it statistically unlikely for most of us to see it. And yet, because sophisticated malware selects only the most influential people (like diplomats, political dissidents, and lawyers), it has a devastating effect far out of proportion to the small number of people infected.
This puts device and software makers in a bind. How do you create something to protect what is probably well under 1% of your user base from malware created by companies like NSO Group, maker of no-click exploits that instantly turn fully updated iOS and Android devices into sophisticated listening devices?
No security snake oil here
On Wednesday, Apple previewed an ingenious feature it plans to add to its flagship operating systems in the coming months to counter the threat of mercenary spyware. The company is upfront – almost in your face – that Lockdown Mode is an option that will degrade the user experience and is only intended for a small number of users.
“Lockdown Mode provides an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other companies developing state-sponsored mercenary spyware,” the company said. “Enabling Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further bolsters device defenses and severely limits certain features, greatly reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.”
The full list of restrictions is as follows:
- Messages: Most types of message attachments other than pictures are blocked. Some features, such as link previews, are disabled.
- Apple Services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not already sent a call or request to the initiator.
- Wired connections to a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) when Lockdown Mode is enabled.
Lockdown mode is a big deal for many reasons, not the least of which is that it comes from Apple, a company that’s hypersensitive to customer perception. Officially acknowledging that its customers are vulnerable to the scourge of mercenary spyware is a big step.
But the move is great because of its simplicity and concreteness. No security snake oil here. If you want better security, learn to do without the services that pose the greatest threat. John Scott-Railton, a Citizen Lab researcher who knows a bit about advising victims of NSO spyware, said Lockdown Mode provides one of the first effective courses of action that vulnerable people can take without completely shutting down their devices.
“When you inform users that they have been targeted by sophisticated threats, they inevitably ask ‘How can I make my phone more secure?’” he wrote. “We haven’t had a lot of good, honest answers that really have an impact. Strengthening a mainstream handset is really out of reach.”
3/ There is a common mental barrier among major platforms and OS developers around integrating high security features.
Lots of unavoidable considerations, like:
– Worst user experience (especially compared to the competition!)
– Breaking Features
– No more customer support resources required, etc.
— John Scott-Railton (@jsrailton) July 6, 2022
Now that Apple has opened the door, it’s inevitable that Google will follow suit with its Android operating system, and it wouldn’t be surprising if other companies line up as well. It could also start a useful discussion in the industry about broadening the approach. If Apple allows users to opt out of unsolicited messages from unknown people, why can’t it provide an option to disable the built-in microphone, camera, GPS, or cellular capabilities?
One thing everyone should know about Lockdown Mode, at least as described by Apple on Wednesday, is that it doesn’t prevent your device from connecting to cellular networks and broadcasting unique identifiers like IMEI and ICCID. This is not a criticism, just a natural limitation. And compromises are at the heart of security.
So if you’re like most people, you’ll never need lockdown mode. But it’s great that Apple offers it, because it will make us all safer.