Spyware mercenary is one of the most difficult threats to combat. It targets an infinitesimally small percentage of the world, so it’s statistically unlikely that most of us will see it. And yet, because sophisticated malware only targets the most influential people (think diplomats, political dissidents, and lawyers), it has a devastating effect that is vastly out of proportion to the small number of people it infects.
This puts device and software manufacturers in a bind. How do you create something to protect what is probably well under 1 percent of your user base against malware created by companies like NSO Group, maker of no click exploits that instantly turn fully up-to-date iOS and Android devices into sophisticated error detection devices.
No security snake oil here
On Wednesday, Apple previewed a nifty option it plans to add to its flagship operating systems in the coming months to counter the threat of mercenary spyware. The company is honest, almost to its face, that lockdown mode is an option that will degrade the user experience and is intended for only a small number of users.
“Lockdown mode offers an extreme and optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private . companies that develop state-sponsored mercenary spyware,” the company said. “Enabling lockdown mode in iOS 16, iPadOS 16, and macOS Ventura further strengthens device defenses and strictly limits functional certainties, dramatically reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.”
The full list of restrictions are:
- Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
- Apple Services: Incoming service requests and invitations, including FaceTime calls, are blocked if the user has not previously sent a call or request to the initiator.
- Wired connections to a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot be enrolled in mobile device management (MDM), while lockdown mode is enabled.
Lockdown mode is a big deal for many reasons, one of which is that it comes from Apple, a company that is hypersensitive to customer perception. Officially acknowledging that your customers are vulnerable to the scourge of mercenary spyware is a big step.
But the move is great for its simplicity and concreteness. There is no security snake oil here. If you want better security, learn how to get rid of the services that pose the biggest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling NSO spyware victims, said Lockdown mode provides one of the first effective courses that vulnerable people can take before shutting down their devices completely.
“When you notify users that they’ve been targeted by sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?’ he wrote.’ “We haven’t had a lot of good, honest responses that really have an impact. Hardening a consumer phone is really out of our hands.”
3/ There is a common mental barrier between major platforms and OS developers around adding high security features.
Many unavoidable considerations, such as:
– Worst user experience (especially against the competition!)
– Latest Features
– More customer service resources are required, etc.
— John Scott-Railton (@jsrailton) July 6, 2022
Now that Apple has opened the door, it’s inevitable that Google will do the same with its Android operating system, and it wouldn’t be surprising if other companies joined as well. It can also start a useful discussion in the industry about broadening the focus. If Apple allows users to disable spam messages from unknown people, why can’t it offer an option to disable the microphone, camera, GPS, or built-in cellular features?
One thing everyone should know about lockdown mode, at least as Apple described it on Wednesday, is that it doesn’t prevent your device from connecting to cellular networks and transmitting unique identifiers like IMEI and ICCID. That’s not a criticism, just a natural limitation. And offsets are a critical part of safety.
So if you’re like most people, you’ll never need lockdown mode. But it’s great that Apple offers it because it will make us all safer.
Leave a Comment