Why Apple’s Lockdown Mode is one of the best security ideas ever

Written by admin



Mercenary spyware is one of the most difficult threats to combat. It targets an infinitesimally small percentage of the world, so it’s statistically unlikely that most of us will ever see it. And yet, because the sophisticated malware targets only the most influential people (think diplomats, political dissidents, and lawyers), it has a devastating effect that is vastly out of proportion to the small number of people it infects.

This puts device and software manufacturers in a bind. How do you create something to protect what is probably well under 1 percent of your user base against malware created by companies like NSO Group, maker of zero-click exploits that instantly turn fully up-to-date iOS and Android devices into sophisticated bugging devices?

No security snake oil here

On Wednesday, Apple previewed a nifty option it plans to add to its flagship operating systems in the coming months to counter the threat of mercenary spyware. The company is candid, almost to the point of bluntness, that lockdown mode is an option that will degrade the user experience and is intended for only a small number of users.

“Lockdown mode offers an extreme and optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies that develop state-sponsored mercenary spyware,” the company said. “Enabling lockdown mode in iOS 16, iPadOS 16, and macOS Ventura further strengthens device defenses and strictly limits certain functionalities, dramatically reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.”

As Apple says, lockdown mode disables all kinds of protocols and services that normally run. Just-in-time JavaScript, an innovation that speeds up performance by compiling code on the device at runtime, won’t run at all. That’s probably a defense against JIT spraying, a common technique used in malware exploitation. While in lockdown mode, devices are also unable to enroll in what is known as mobile device management, which is used to install special software specific to an organization.

The full list of restrictions is:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from lockdown mode.
  • Apple Services: Incoming service requests and invitations, including FaceTime calls, are blocked if the user has not previously sent a call or request to the initiator.
  • Wired connections to a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot be enrolled in mobile device management (MDM), while lockdown mode is enabled.

It’s helpful that Apple is candid about the extra friction lockdown mode adds to the user experience because it underscores what every security professional or hobbyist knows: security always trades off with ease of use. It’s also encouraging to hear of Apple’s plans to allow users to whitelist sites that can serve JIT JavaScript while in lockdown mode. Fingers crossed that Apple might allow a similar list of trusted contacts.

Lockdown mode is a big deal for many reasons, one of which is that it comes from Apple, a company that is hypersensitive to customer perception. Officially acknowledging that your customers are vulnerable to the scourge of mercenary spyware is a big step.

But the move is great for its simplicity and concreteness. There is no security snake oil here. If you want better security, learn to do without the services that pose the biggest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling NSO spyware victims, said lockdown mode provides one of the first effective courses of action that vulnerable people can take short of shutting down their devices completely.

“When you notify users that they’ve been targeted by sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?’” he wrote. “We haven’t had a lot of good, honest responses that really have an impact. Hardening a consumer phone is really out of our hands.”

Now that Apple has opened the door, it’s inevitable that Google will do the same with its Android operating system, and it wouldn’t be surprising if other companies joined as well. It could also start a useful discussion in the industry about broadening the focus. If Apple allows users to disable spam messages from unknown people, why can’t it offer an option to disable the microphone, camera, GPS, or built-in cellular features?

One thing everyone should know about lockdown mode, at least as Apple described it on Wednesday, is that it doesn’t prevent your device from connecting to cellular networks and transmitting unique identifiers like IMEI and ICCID. That’s not a criticism, just a natural limitation. And trade-offs are a critical part of security.

So if you’re like most people, you’ll never need lockdown mode. But it’s great that Apple offers it because it will make us all safer.
