Apple’s new feature adds “extreme” protection to your devices

Apple is taking steps to increase the security of people like journalists, activists and politicians with a new setting in iOS 16, iPadOS 16 and macOS Ventura called Lockdown Mode. The setting hardens the defenses of an iPhone, iPad, or Mac to disrupt the methods we’ve seen used to compromise devices in highly targeted attacks.

Lockdown Mode blocks many types of message attachments, disables link previews, disables certain web browsing technologies by default, blocks FaceTime invitations and calls from unknown sources, blocks wired connections to computers or accessories while the device is locked, and turns off the ability to install new configuration profiles or enroll in mobile device management (MDM).

These are areas we know can be vulnerable: the Google Project Zero team detailed how the iPhones of people targeted by the Pegasus software could be compromised in a “zero click” scenario by using a GIF to exploit iMessage in the background. Other attacks have repeatedly targeted MDM solutions or used malicious websites to exploit rendering flaws, and Lockdown Mode closes those doors from the start.

Lockdown Mode screen in iOS 16. Image: Apple

Apple calls it an “extreme and optional” level of protection, and it is a clear response to the growing use of state-sponsored mercenary software like the Pegasus tool developed by NSO Group. Evidence of the software has been found on devices belonging to journalists like Jamal Khashoggi. According to Bloomberg reporter Mark Gurman, Apple has just released iOS 16 Developer Beta 3, which includes Lockdown Mode.

In recent years, Apple had been criticized for not working with security researchers to find and close flaws in its platforms as well as other major technology companies did, before it launched a bug bounty program for iOS in 2016. It eventually expanded the program to cover other devices in 2019, saying it would distribute special security research devices to outside researchers.

According to Apple’s head of security engineering and architecture, Ivan Krstić, “While the vast majority of users will never be the victims of very specific cyber attacks, we will work tirelessly to protect the small number of users who are. This includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world who are doing critical work to expose the mercenary companies that create these digital attacks.”

While introducing the new operating systems at WWDC 2022 in June, Apple said its new Rapid Security Response feature will allow patches for security flaws to be applied more quickly, and that they can take effect on a Mac without requiring a restart. iOS 16 and macOS Ventura will also include support for new passkey technology that will help eliminate the use of passwords.

Other tech companies have made similar efforts in certain ways, such as Google’s Advanced Protection Program for its accounts or the Super Duper Secure Mode that Microsoft began testing in Edge last fall. Some small businesses have also tried to offer hardened Android devices that promise protection against various vulnerabilities, but Lockdown Mode is a new level of security that will be available to millions of people once the new software updates are released later this year.

Even with these protections, finding vulnerabilities in the operating systems that control so many devices is a valuable endeavor, and Apple says it’s doubling the reward for “qualifying discoveries” in Lockdown Mode to $2 million, which it says is the highest maximum reward payout in the industry. Apple also says that any damages awarded to it from a lawsuit filed last fall against NSO Group will be added to a $10 million grant to support organizations that “investigate, expose and prevent very specific cyberattacks, including those created by private companies developing state-sponsored mercenary spyware”.
