Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

'Lockdown Mode' As Apple Ramps Up Security Against State-Sponsored Hacking

Anything that is connected to the internet, can be a target. But different target is valued differently, and this is where Mercenary Spyware is the most dangerous.

Mercenary spyware is one of the hardest threats to combat, simply because it targets an extremely small percentage of the internet's population.

Those that can be included in this small percentage of people, are country leaders, diplomats, political dissidents, lawyers, high net worth individuals, and some others.

Mercenary spyware doesn't target the 99.9% of the population. It only targets that 0.1%, for a sum of money, hence the name "mercenary."

While most people can certainly breathe a sigh of relief, tech companies are becoming increasingly worried.

They're asking themselves, "how can you build something to protect only a tiny miniscule amount of people from state-sponsored hackers, like the Israeli NSO Group, which creates malware that exploits even the most up-to-date mobile operating systems, but without annoying the majority of users?"

Apple has an answer: strictly limiting user experience and software capabilities, by giving users a choice to activate it.

The company calls it the 'Lockdown Mode'.

"Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware," the company said in a newsroom post.

"Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware."

Apple is known to have a very appealing design language that integrates throughout its apps within its ecosystem, from the way things work at the frontend, to the way the way things work in the backend.

Lockdown Mode restrict many of those.

According to Apple, Lockdown Mode disables all kinds of protocols and services that run normally.

When Lockdown Mode is turned on:

  1. Most message attachment types other than images are blocked. Some features, like link previews, are also disabled.
  2. Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  3. Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  4. Any connection attempt using wired or accessory is blocked when the device is locked.
  5. Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM).

The Lockdown Mode further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware. (Credit; Apple)

Apple plans to add more over time.

Apple said that it is also expanding its Security Bounty program. Researchers who find weaknesses in Lockdown Mode and help Apple make it more secure will be eligible for rewards of up to $2 million.

Apple is upfront about degrading user experience because it underscores what every security professional or hobbyist knows: security always results in a trade-off with usability.

The more usable something is, the wider the attack surface it will have. In contrast, by severely limiting usability, Apple can ensure that users are a lot safer from hackers.

It's encouraging though, since Apple allows users to whitelist things.

Lockdown mode is a big deal for lots of reasons.

First, it's because it comes Apple, a company that has become sensitive about customer perception. And second, it's because it's a sign that Apple is officially acknowledging that even a 0.1% of its customers is worth defending.

"While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks," said Ivan Krstić, Apple’s head of Security Engineering and Architecture.

Published: 
07/07/2022
News
Apple
Security
Privacy
Review
Trends


This post first appeared on Eyerys | Eyes For Solution, please read the originial post: here

Share the post

'Lockdown Mode' As Apple Ramps Up Security Against State-Sponsored Hacking

×

Subscribe to Eyerys | Eyes For Solution

Get updates delivered right to your inbox!

Thank you for your subscription

×