Apple to Introduce ‘Lockdown Mode,’ a new Extreme Dimension of Security coming to iPhone, iPad & Mac Operating Systems this Fall
In 2021 news began to break that high profile politicians and journalists using iPhones were being spied on with software from the Israeli firm NSO. In July 2021 ZDNet posted a report titled “NSO Group's Pegasus spyware used against journalists, political activists worldwide.” In April 2022 The New Yorker posted an article titled “How Democracies Spy on their Citizens” detailing how an iPhone 8 Plus phone owned by Jordi Solé, a pro-independence member of the European Parliament, was hacked by an attacker using NSO’s Pegasus spyware. Also in April, The Guardian reported that “The UK’s Prime Minister Boris Johnson was told that his Downing Street office has been targeted with “multiple” suspected infections using Pegasus, the sophisticated hacking software that can turn a phone into a remote listening device.”
To counter this new dimension of security threat, Apple announced today that it is previewing a groundbreaking security capability that offers specialized additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware. Apple is also providing details of its $10 million grant to bolster research exposing such threats.
Apple detailed two initiatives to help protect users who may be personally targeted by some of the most sophisticated digital threats, such as those from private companies developing state-sponsored mercenary spyware.
Lockdown Mode — the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura — is an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security.
Apple also shared details about the $10 million cybersecurity grant it announced last November to support civil society organizations that conduct mercenary spyware threat research and advocacy.
Ivan Krstić, Apple’s head of Security Engineering and Architecture: “Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks. While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”
Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware.
Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.
At launch, Lockdown Mode includes the following protections:
- Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
- Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- Wired connections with a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
Apple will continue to strengthen Lockdown Mode and add new protections to it over time. To invite feedback and collaboration from the security research community, Apple has also established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 — the highest maximum bounty payout in the industry.
Lori McGlinchey, the Ford Foundation’s director of its Technology and Society program: “The global spyware trade targets human rights defenders, journalists, and dissidents; it facilitates violence, reinforces authoritarianism, and supports political repression. The Ford Foundation is proud to support this extraordinary initiative to bolster civil society research and advocacy to resist mercenary spyware. We must build on Apple’s commitment, and we invite companies and donors to join the Dignity and Justice Fund and bring additional resources to this collective fight.”
The Dignity and Justice Fund expects to make its first grants in late 2022 or early 2023, initially funding approaches to help expose mercenary spyware and protect potential targets that include:
- Building organizational capacity and increasing field coordination of new and existing civil society cybersecurity research and advocacy groups.
- Supporting the development of standardized forensic methods to detect and confirm spyware infiltration that meet evidentiary standards.
- Enabling civil society to more effectively partner with device manufacturers, software developers, commercial security firms, and other relevant companies to identify and address vulnerabilities.
- Increasing awareness among investors, journalists, and policymakers about the global mercenary spyware industry.
- Building the capacity of human rights defenders to identify and respond to spyware attacks, including security audits for organizations that face heightened threats to their networks.
The Dignity and Justice Fund’s grant-making strategy to research, track, and hold the enhanced cyber weapons trade accountable will be advised by an independent, global Technical Advisory Committee. Initial members include:
- Ron Deibert, professor of political science, and director of the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto
- Ivan Krstić, head of Apple Security Engineering and Architecture
Ron Deibert, director of the Citizen Lab, a research group at the University of Toronto: “There is now undeniable evidence from the research of the Citizen Lab and other organizations that the mercenary surveillance industry is facilitating the spread of authoritarian practices and massive human rights abuses worldwide. I applaud Apple for establishing this important grant, which will send a strong message and help nurture independent researchers and advocacy organizations holding mercenary spyware vendors accountable for the harms they are inflicting on innocent people.”