For most of its existence, Apple has built its reputation on sleek design, marketing, and delivering the new thing before people know they want it. Lately, that new thing has often been privacy and security features, and this fall the company plans to launch a major option in iOS that will provide a significant new level of security for people at serious risk of highly targeted attacks.
When iOS 16 launches in the fall, it will include a new set of security capabilities collectively known as lock mode that Apple describes as “an extreme and optional level of security.” The capabilities are designed to remove a large portion of the attack surface that highly capable attackers, such as NSO Group and others that sell commercial spyware to state actors, use to compromise iPhones. Lock mode is designed specifically for high-risk user groups, such as activists, journalists, and political dissidents, and will severely restrict the functionality of an iPhone when enabled. Among other things, lock mode will block most attachments in Messaging, disable JIT and other technologies on the web, prevent installation profiles from being installed, and block cable connections to computers or accessories when the phone is locked.
Users will be able to activate lock mode on their own, but will not be able to activate or deactivate the individual capabilities that are part of the new security set.
“While the vast majority of users will never fall victim to highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are. This includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world that are doing important work to expose the mercenary companies that create these digital attacks,” said Ivan Krstic, head of engineering and security architecture at Apple.
The set of companies selling high-end custom spyware tools is relatively small, but the effects they have on the people their products are aimed at are profound. Targets are often dissidents or activists from authoritarian countries, journalists, social activists and others who become inconvenient for the governments purchasing these tools. Citizen Lab security researchers have exposed extensive use of Pegasus spyware sold by NSO Group in many countries, including the United Kingdom, Bahrain, Jordan and others, and in many cases the victims of these attacks were compromised in some way through their mobile devices. Some of these intrusions involved new exploits against previously unknown vulnerabilities in iOS, often delivered via text messages.
Lock mode is designed to remove as many of these attack vectors from the board as possible, and researchers say it is an important step forward, not only for users at risk but for the larger population of users.
“Using lock mode is like expelling attack categories. It won’t stop you from being vulnerable to anything. It’s important that large operating system developers move forward to offer users better protections,” said John Scott-Railton, senior researcher at Citizen Lab at the University of Toronto Munk School.
“It’s also a fall in the foot and it’s important for big platforms to have higher security features. Sometimes it’s thought that more security can provide more friction, but users like those features. This is the first step towards incorporating better protections. There is a problem of collective action. If companies compete with each other, they are sometimes reluctant to add features that can drive users to their competitors. But this is an important move.”
Many of the technologies and features that have had the greatest impact on improving web security began as tests or as features designed for small groups of people. One example is HTTPS, which browser vendors initially encouraged, then made optional, and finally made the default connection mode. Now, almost all traffic on major platforms is encrypted.
“When you grow up, it’s like an antibiotic, it’s like, have you had all the bacteria? Or all the threats? It makes the next big step easier,” Scott-Railton said.
And while lock mode is specifically designed for people who are at high risk of being targeted by commercial spyware or other advanced threats, the benefits will eventually accrue to everyone.
“High-risk users should also mean people who run well-known banks, celebrities, cryptocurrency investors. Anyone who is at a high threat level,” Scott-Railton said. “Many features provide a roadmap for better security for everyone.”