Apple plans to launch a new feature called “Lock Mode” that aims to add a new layer of protection for human rights defenders, political dissidents and other targets of sophisticated hacking attacks.
The announcement, made on Wednesday, comes after at least two Israeli companies exploited flaws in Apple’s software to remotely access iPhones without the target having to click or touch anything.
NSO Group, the maker of the “Pegasus” software that can carry out these attacks, has been sued by Apple and placed on a commercial blacklist by U.S. officials.
“Lock Mode” will arrive on Apple’s iPhones, iPads, and Macs this fall, and activating it will block most attachments sent to the iPhone Messages app.
“While the vast majority of users will never be the victims of highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstić, head of security engineering and architecture at Apple.
“This includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world who are doing important work to expose the mercenary companies that create these digital attacks.”
What will “Lock Mode” do?
Lock Mode will block various types of message attachments, disable link previews, disable certain web browsing technologies, block FaceTime invitations and calls from unknown sources, and prevent the installation of new configuration profiles or enrollment in mobile device management (MDM).
The new mode will also block cable connections to iPhones when they are locked. Israeli company Cellebrite has used such connections to access iPhones, while security researchers believe NSO Group exploited a flaw in the way Apple handled message attachments.
Apple officials said they believe the sophisticated attacks for which the new feature is designed, called “zero-click” hacking techniques, are still relatively rare and that most users will not have to activate the new mode.
Spyware companies have argued that they sell high-powered technology to help governments thwart national security threats. But human rights groups and journalists have repeatedly documented the use of spyware to attack civil society, undermine political opposition and interfere in elections.
To help harden the new feature, Apple said it will pay up to $2 million (1.95 million euros) for each flaw that security researchers find in the new mode, which Apple representatives said was the highest “bug bounty” offered in the industry.
Apple also said it is awarding a $10 million ($9.8 million) grant, plus possible proceeds from its lawsuit against NSO Group, to groups that find, expose and work to prevent targeted hacking.
Apple said the grant will go to the Dignity and Justice Fund established by the Ford Foundation, one of the largest private foundations in the United States.