Apple announced it is previewing a groundbreaking security capability that offers specialized additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware. Apple is also providing details of its $10 million grant to bolster research exposing such threats.
From Apple’s announcement:
“Apple today detailed two initiatives to help protect users who may be personally targeted by some of the most sophisticated digital threats, such as those from private companies developing state-sponsored mercenary spyware. Lockdown Mode – the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura – is an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security. Apple also shared details about the $10 million cybersecurity grant it announced last November to support civil society organizations that conduct mercenary spyware threat research and advocacy.”
Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.
At launch, Lockdown Mode includes the following protections:
Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
Web Browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
Apple Services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
Wired connections with a computer or accessory are blocked when iPhone is locked.
Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
Apple says it will continue to strengthen Lockdown Mode and add new protections to it over time. To invite feedback and collaboration from the security research community, Apple has also established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 – the highest maximum bounty payout in the industry.
Engadget reported that Lockdown Mode is meant to protect high-powered people who, because of their job, might be personally targeted by malware developed by the likes of NSO Group, which is behind Pegasus, or other state-backed groups. According to Engadget, Apple sued NSO Group last year to “hold it accountable” for states that target and spy on its users.
In short, most Apple users will not need to engage Lockdown Mode. It was made for people who are more likely to be targeted by nefarious groups who want to cause problems.