The surveillance-for-hire industry has emerged in recent years as a very real threat to activists, dissidents, journalists and human rights defenders around the world as vendors offer increasingly invasive and effective spyware to governments. The most sophisticated of these tools, such as NSO Group’s infamous Pegasus spyware, target victims’ smartphones using rare and sophisticated exploits to compromise Apple’s iOS and Google’s Android mobile operating systems. As the situation for the victims has worsened, activists and security experts have increasingly called for more drastic measures to protect vulnerable people. Now Apple has an option.
Today, Apple announces a new feature for its upcoming iOS 16 release called Lockdown Mode. Apple emphasizes that the feature was created for a small subset of users at high risk for government targeting, and it does not expect the feature to become widespread. But for those who want to use it, the feature is an alternative mode of iOS that severely limits the tools and services that spyware actors target to take control of victims’ devices.
“This is an unprecedented step in user safety for high-risk users,” Ron Deibert, director of the University of Toronto’s Citizen Lab, said in an interview with reporters ahead of the announcement. “I think this will throw a wrench into their modus operandi. I expect [spyware vendors] to try to evolve, but hopefully this feature will prevent some of these damages from happening along the way.”
Lockdown Mode is a separate operating system mode. To turn it on, users activate the feature in the Settings menu and are then prompted to restart their device for all protections and digital defenses to take effect. The feature imposes restrictions on the leakiest parts of the operating system. Lockdown Mode attempts to comprehensively address web browsing threats, for example by blocking many of the speed and efficiency features that Safari (and WebKit) use to render web pages. Users can specifically mark a particular web page as trusted so that it loads normally, but by default, Lockdown Mode imposes a host of restrictions that extend everywhere WebKit works behind the scenes. In other words, when you load web content in a third-party app or an iOS app like Mail, the same Lockdown Mode protections apply.
Lockdown Mode also restricts all kinds of incoming invitations and requests, unless the device has previously started a request. This means that your friend cannot call you on FaceTime, for example, if you have never called them. And to take it a step further, even when you start an interaction with another device, Lockdown Mode only honors this connection for 30 days. If you do not talk to a specific friend for several weeks after that, you will need to reconnect before they can contact you again. In Messages – a frequent target for spyware exploitation – Lockdown Mode does not display link previews and blocks all attachments except for a few trusted image formats.
Lockdown Mode also strengthens other protections. For example, when a device is locked, it does not receive connections from anything that is physically connected to it. Crucially, a device that is not already registered with one of Apple’s Enterprise Mobile Device Management (MDM) applications cannot be added to one of these schemes once Lockdown Mode is turned on. This means that if your company gives you a phone registered to the company’s MDM, the MDM will remain active if you then activate Lockdown Mode. And the administrator of your MDM cannot remotely disable Lockdown Mode on your device. However, if your phone is just a standard consumer device and you put it in Lockdown Mode, you will not be able to enable MDM. This is important because attackers will trick victims into activating MDM as a way to get the ability to install malicious apps on their devices.