Tech firm Apple plans to offer ‘lockdown mode’ as a security feature on the company’s iPhones, iPads and Macs later this year.
The firm says that the mode will block various message attachment types, disable link previews, switch off some web browsing technologies, block invitations and FaceTime calls from unknown sources and disable set-up of new configuration profiles or enrolment in mobile device management (MDM).
The new mode will also block wired connections to iPhones when they are locked. It’s explicitly as an optional level of security for the ‘very few’ users who, because of who they are or what they do, may be targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware, Apple said.
Spyware was featured in the March print edition of Professional Security magazine.
Comments
John Davis, Director UK & Ireland at the training body SANS Institute, said: “Apple’s launch of Lockdown Mode will offer protection from mobile spyware, which is another tool in a cybercriminal’s kit that may be used to steal valuable information from a victim. Contrary to popular belief, mobile malware less often relies on zero-day vulnerabilities, but more commonly leverages known, reported security loopholes, hoping to target unpatched systems or applications, to infiltrate and wreak havoc on mobile devices. Mobile users need to be wary of suspicious SMS/iMessage notes, or mechanisms around “overlay” applications. These are designed to look like legitimate applications, but instead contain trojans developed to steal user data to send to malicious third parties.
“Apple’s Lockdown Mode could go a long way towards preventing spyware cyber-attacks for its customers, but ultimately, end users should remember best practices they learned on other digital platforms and keep up good habits when accessing, storing, and utilising sensitive information on mobile devices. Users should also be reticent to not relax or adjust in-built security settings, as doing so opens up devices to vulnerabilities. Keep your devices current and updated and adhere to the security settings already in place to make for a safer overall experience. If there are red flags, don’t ignore them – valuable information flows on phones every day, so if cybercriminals can access this, then it can potentially spell disaster for individuals or companies.”
And Christoph Hebeison, Director, Security Intelligence Research at mobile security company Lookout, said: “While these measures certainly strengthen device security, it is important to keep in mind that Lockdown Mode does not reduce the attack surface of third-party apps installed on the device unless those apps also implement separate lockdown measures. In addition, functionality and performance of the device will necessarily be limited in Lockdown Mode – a tradeoff some users might be willing to accept for a while but the inconvenience will create an incentive to disable Lockdown Mode.
“Lockdown Mode reduces the amount of potentially vulnerable code available for attacks but if its use becomes common among users being targeted with mobile surveillance malware, attackers will be forced to develop exploits that are capable of taking over a device in Lockdown Mode. While this is unlikely to be impossible, the reduction in attack surface will make it more difficult and therefore more expensive to successfully attack mobile Apple devices.”
As for the actual problem, he said that most users are unlikely to be targeted with advanced attacks containing zero-day exploits, no matter which operating system their device uses. “The actors behind such attacks are usually law enforcement agencies or secret services, though in many well-documented cases these surveillance tools were not used against organised crime or terrorists but instead against lawyers, politicians, journalists, human-rights activists or executives deemed suspicious by their own government or the government of another country.”
