Apple has announced a new “Lock Mode” for iPhones, iPads and Macs to protect itself from Pegasus-style cyber attacks.
Blocking mode is an optional protection for users facing “serious, targeted threats to their digital security,” such as journalists and activists, Apple said.
When a device is in lock mode, applications, websites, and features are restricted for security reasons, and others are completely disabled.
For example, most message attachment types in the Messages application other than images are blocked and other features, such as link previews, are turned off.
Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent a call or request to the initiator.
The new mode also blocks access to an iPhone when connected to a computer or accessory.
The lock mode will be released this fall with iOS 16, the new software update from the technology giant, announced last month.
The lock mode will be released this fall with iOS 16, the new software update from the technology giant
ACTIVATE LOCK MODE
– On iOS, go to Settings
– Tap “Privacy & security”
– Tap “Lock mode”
– Select “Activate lock mode”
(Lock mode will be available on iOS 16)
Apple said the lock mode is “extreme” and “optional” protection for “the very small number of users who face serious and targeted threats to their digital security.”
It provides protection to users at risk of cyberattacks from private companies that develop state-sponsored “spyware”: software that steals information from a device.
Spyware is a specific type of malware (malware) that steals information from a computer and sends it to a third party without the person’s knowledge.
One example is Pegasus spyware, which has already been used by governments to spy on world leaders, politicians, journalists, activists and dissidents, and other high-profile figures.
Made by the Israeli firm NSO Group, Pegasus is a powerful tool that allows your operator to infiltrate a target’s phone and sweep its contents, including messages, contacts and location history.
Pegasus’ targets include Hanan Elatr, the wife of Saudi Washington Post journalist Jamal Khashoggi, who was killed by a Saudi squad in 2018, and Roula Khalaf, editor of the Financial Times.
“Lock mode is an innovative capability that reflects our unwavering commitment to protecting users from even the rarest and most sophisticated attacks,” said Ivan Krstić, head of engineering and security architecture at Apple.
“While the vast majority of users will never be the victims of highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are.
Apple said the lock mode is an extreme and optional protection for “the very small number of users who face serious and targeted threats to their digital security.”
Israeli firm NSO’s Pegasus spyware has already been used by governments to spy on journalists, activists and dissidents (archive photo)
LOCKED MODE FEATURES
At launch, lock mode includes the following:
– Messages: Most message attachment types other than images are blocked. Some features, such as link previews, are turned off.
– Web browsing: Certain complex web technologies, such as just-in-time JavaScript (JIT) compilation, are turned off unless the user excludes a trusted site from blocking mode.
– Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent a call or request to the initiator.
– Cable connections to a computer or accessory are blocked when the iPhone is locked
– Configuration profiles cannot be installed and the device cannot be registered in mobile device management.
“This includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world who are doing important work to expose the mercenary companies that create these digital attacks.”
The Apple giant listed five lock mode features available at launch, but said it will look to continue strengthening the tool over time with additional features.
It will also reward researchers who find flaws in blocking mode, which will help make it more resilient and better protect users.
The tech company has said it is doubling the security rewards it offers researchers who find flaws in the lock mode – up to $ 2 million (£ 1.7 million), which is the highest reward payout of the sector.
Ron Deibert, director of the University of Toronto’s Citizen Lab, said there is “undeniable evidence” that the mercenary surveillance industry is facilitating the spread of “authoritarian practices and massive human rights abuses.”
“I applaud Apple for establishing this important grant, which will send a strong message and help encourage independent investigators and advocacy organizations that hold mercenary spyware vendors accountable for the damage they are inflicting on innocent people,” he said.
Christoph Hebeison, San Francisco-based security intelligence research director at Lookout, said the blocking mode will not reduce the “attack surface” of third-party applications unless they applications also implement separate blocking measures.
In addition, the functionality and performance of the user’s device may be limited in lock mode.
“This may be compensation that some users will be willing to accept for a while, but the inconveniences will create an incentive to disable lock mode,” Hebeison said.
Apple also announced that it will fund a $ 10 million (£ 8.4 million) grant to support organizations that investigate, expose and prevent more targeted cyberattacks and spyware attacks.
The grant is being donated to the Fund for Dignity and Justice, which was established and is advised by the Ford Foundation, an organization that aims to advance equity globally.
PEGASUS: HOW THE POWERFUL SPY SOFTWARE USED TO MAKE JOURNALISTS WORKS
Pegasus is a powerful “malware” developed by the Israeli security company NSO Group.
This particular form of malware is known as “spyware,” meaning it is designed to collect data from an infected device without the owner’s knowledge and forward it to a third party.
Although most spyware has limited scope (collecting data only from specific parts of an infected system), Pegasus seems much more powerful, allowing its driver almost unlimited access and control over an infected device.
This includes access to contact lists, emails, and text messages, along with stored photos, videos, and audio files.
Pegasus can also be used to take control of the camera or microphone of the phone to record video and audio, and can access GPS data to check where the owner of the phone has been.
And it can also be used to record any new incoming or outgoing phone call.
Early versions of the virus infected phones through phishing attacks in which users are tricked into downloading the virus to their own phones by clicking on a malicious link sent by text or email.
But researchers say the software has become much more sophisticated, taking advantage of vulnerabilities in common phone applications to launch so-called “zero-click” attacks that can infect devices without the user doing anything.
For example, in 2019 WhatsApp revealed that 1,400 people had been infected by the NSO group software through the so-called “zero day” fault, a previously unknown error, in the app’s call function.
Users became infected when a WhatsApp call was made on their phones, whether they answered the call or not.
More recently, NSO has begun exploiting vulnerabilities in Apple’s iMessage software, giving it access to hundreds of millions of iPhones.
Apple says it is continuously updating its software to prevent these attacks, although human rights group Amnesty says it has discovered successful attacks on even the most up-to-date iOS systems.
NSO Group says Pegasus can also be installed on devices that use wireless transceivers located near the target, or it can be booted directly into the device if it is first stolen.