Apple CEO Tim Cook delivers a lecture during the European Union privacy conference at the EU Parliament in Brussels, Belgium, on October 24, 2018.
Yves Herman | Reuters
Apple on Wednesday announced a new feature for iPhones called lock mode to protect high-profile users, such as politicians and activists, from state-sponsored hackers.
Lock mode disables various features of the iPhone in order to make it less vulnerable to spyware by significantly reducing the number of features that attackers can access and hack.
Specifically, it disables many preview features in iMessage, limits JavaScript in the Safari browser, prevents new configuration profiles from being installed, blocks wired connections (which prevents device data from being copied), and shuts down only incoming Apple service requests, including FaceTime.
The tech giant will pay up to $2 million to researchers who find a security flaw in lock mode.
The announcement comes months after revelations that state-sponsored hackers had the ability to hack recent-model iPhones with "zero-click" attacks distributed via text messages. These attacks can succeed even if the victim does not click on a link.
The iPhone maker has faced increasing calls from governments to address the issue. In March, U.S. lawmakers pressed Apple for details of the attacks, including whether it could detect them, how many had been discovered, and when and where they occurred.
Most hackers have financial motivations, and most malware is designed to get a user to give up valuable information such as a password, or to give the attacker access to financial accounts.
But the state-sponsored attacks targeted by lock mode are different: they use very expensive tools sold directly to law enforcement agencies or sovereign governments, and they use undiscovered flaws to gain a foothold in the iPhone operating system. From there, attackers can do things like control the microphone and camera, and steal the user's browsing and communications history.
The lock mode is intended for the small number of people who believe they may be the target of a state-sponsored hacker and need an extreme level of security. According to The Washington Post, victims attacked by military-grade spyware include journalists, human rights activists and business executives. Allegedly, spyware has also been used to attack civil servants, including a French minister and Catalan separatist leaders in Spain.
“While the vast majority of users will never be the victims of highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstić, head of engineering and security architecture at Apple, in a statement.
Pegasus
There are several types of mercenary spyware, but the best known version is Pegasus, which was developed by NSO Group in Israel. Recently, researchers at the University of Toronto and Amnesty International have discovered and documented versions of this type of spyware aimed at iPhones.
NSO Group has previously said that governments legally use its technology to fight pedophiles and terrorists.
NSO Group doesn’t like big tech companies, especially Apple, which markets its devices as safer than the competition. Apple sued NSO Group last year, saying it was malicious and damaged Apple’s business. Facebook’s parent, Meta, is also suing NSO Group for its alleged efforts to hack WhatsApp.
Last November, the U.S. Department of Commerce blacklisted NSO Group, preventing U.S. companies from collaborating with it, one of the strongest measures the U.S. government can take to attack foreign companies.
Apple says the vast majority of the 1 billion iPhone users will never be targeted. Mercenary spyware like Pegasus can cost hundreds of millions of dollars, according to Apple, so the tools are valuable and are only used to target a small number of users. Once new versions of spyware are discovered, Apple fixes the bugs they use, making the original exploits ineffective and forcing vendors like NSO Group to reconfigure the operation of their tools.
Lock mode won’t be turned on by default, but it can be turned on from the iPhone’s settings with a single tap, Apple said. It will also be available for iPads and Macs.
The new feature will be available for testing on a beta version of iOS this week, ahead of its wide release scheduled for the fall.