Amid NSO lawsuit, Apple expands spyware protections

Apple previews a new feature called Lockdown Mode to protect iPhone and iPad users from ‘mercenary spyware’

Apple has previewed a new security feature – Lockdown Mode – designed to offer specialised protections for users at high risk of targeted cyber attacks by private companies developing state-sponsored “mercenary” spyware.

Lockdown Mode will become available later this year on devices running iOS 16, iPadOS 16 and macOS Ventura, and is described as the first major capability of its kind to offer “extreme, optional protection” for users who face the gravest threats to their digital security.

When it becomes available, it will harden device defences and limit a number of functions to reduce the attack surface. Initial features will include the ability to:

  • Block most message attachments and disable link previews.
  • Disable some complex web technologies, such as just-in-time JavaScript compilation, unless used by a user-trusted website.
  • Block incoming invitations and service requests, such as FaceTime calls.
  • Block wired connections with computers or other accessories when a mobile device is locked.
  • Block the installation of configuration profiles when Lockdown Mode is switched on – also, it will not be possible to enroll the device into any mobile device management (MDM) service in such circumstances.

“Apple makes the most secure mobile devices on the market,” said Ivan Krstić, Apple’s head of security engineering and architecture. “Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks.

“While the vast majority of users will never be the victims of highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defences specifically for these users, as well as supporting researchers and organisations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

Krstić said Apple would continue to strengthen the feature over time, and to help it do so, the firm is setting up a new category within its existing bug bounty programme to encourage hackers to try their luck at bypassing it. Bounties will be doubled for qualifying findings, up to a maximum of $2m.

The addition of Lockdown Mode comes after Apple devices were hacked by multiple governments in countries around the world and used to spy on targets such as activists, journalists and political rivals using a remote access trojan (RAT) called Pegasus, which was developed by disgraced Israeli spyware company NSO Group.

Apple is currently suing NSO Group over its actions, which were exposed in 2021 by a group of investigative journalists, and says that if its lawsuit is successful, it will use any damages awarded to top up a $10m grant – announced at the same time as Lockdown Mode – supporting organisations that investigate, expose and prevent targeted cyber attacks, including those created by companies such as NSO Group. This grant will be disbursed through the Ford Foundation’s Dignity and Justice Fund.

“The global spyware trade targets human rights defenders, journalists and dissidents; it facilitates violence, reinforces authoritarianism and supports political repression,” said Lori McGlinchey,  director of the Ford Foundation’s technology and society programme.

“The Ford Foundation is proud to support this extraordinary initiative to bolster civil society research and advocacy to resist mercenary spyware. We must build on Apple’s commitment, and we invite companies and donors to join the Dignity and Justice Fund and bring additional resources to this collective fight.”

Ron Deibert, director of the University of Toronto’s Citizen Lab, which was instrumental in exposing NSO Group’s malfeasance, added: “There is now undeniable evidence from the research of the Citizen Lab and other organisations that the mercenary surveillance industry is facilitating the spread of authoritarian practices and massive human rights abuses worldwide.

“I applaud Apple for establishing this important grant, which will send a strong message and help nurture independent researchers and advocacy organisations holding mercenary spyware vendors accountable for the harms they are inflicting on innocent people.”

Read more about NSO and Pegasus spyware

Read more on Endpoint security

Data Center
Data Management