Mercenary spyware is among the hardest threats to combat. Statistically, most of us will never encounter it, because it targets only an infinitesimally small slice of the world. Yet even though it is aimed exclusively at the most powerful people (diplomats, political dissidents, and lawyers, for example), the sophisticated software does damage far out of proportion to the small number of people infected.
That makes defending devices and software against it difficult. How do you protect what is probably well under 1% of your user base from malware built by organisations like NSO Group, which develops clickless exploits that instantly turn fully updated iOS and Android devices into sophisticated bugging devices?
There is no security snake oil here
On Wednesday, Apple previewed a clever feature it will soon build into its flagship operating systems to counter the threat of mercenary spyware. The company is upfront, almost in your face, about the fact that Lockdown Mode will degrade the user experience and is intended only for a select group of users.
According to the company, “Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”
According to Apple, Lockdown Mode disables all regular protocols and services. Just-in-time (JIT) JavaScript compilation, an optimisation that improves performance by generating native code on the device while a script runs, won’t function at all. That is probably a safeguard against JIT spraying, a technique frequently used in malware exploitation. While in Lockdown Mode, devices cannot enrol in mobile device management, which organisations use to install their own special-purpose software.
The complete list of limitations is as follows:
- Messages: All attachment types other than images are blocked. Some features, such as link previews, are disabled.
- Web browsing: Unless the user excludes a trusted site from Lockdown Mode, some advanced web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled.
- Apple services: If the user has not already made a call or requested a service from the initiator, incoming invitations and requests, including FaceTime calls, are denied.
- When iPhone is locked, wired connections to a computer or device are disabled.
- While Lockdown Mode is activated, configuration profiles cannot be installed and the device cannot be enrolled in mobile device management (MDM).
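As an added illustration (written for this article, not Apple's code; the event names and fields are assumptions), the restrictions above modelled as a deny-by-default policy with the two user-controlled exceptions the list mentions: sites excluded from Lockdown Mode keep JIT, and invitations are accepted only from contacts the user reached out to first.

```python
"""Model of the Lockdown Mode rules listed on this page.

Illustrative policy evaluator, not Apple's implementation; event kinds,
field names and the two allow-lists are assumptions made for this example.
"""
from dataclasses import dataclass, field


@dataclass
class LockdownState:
    enabled: bool = True
    device_locked: bool = False
    # Sites the user explicitly excluded from Lockdown Mode (JIT allowed again).
    excluded_sites: set = field(default_factory=set)
    # Contacts the user has previously called or requested a service from.
    initiated_contacts: set = field(default_factory=set)


def evaluate(state: LockdownState, event: dict) -> tuple:
    """Return (allowed, reason) for one inbound event under Lockdown Mode."""
    if not state.enabled:
        return True, "lockdown off: normal behaviour"
    kind = event["kind"]
    if kind == "message_attachment":
        # Attachments other than images are blocked.
        if event.get("mime", "").startswith("image/"):
            return True, "image attachment allowed"
        return False, "non-image attachment blocked"
    if kind == "link_preview":
        return False, "link previews disabled"
    if kind == "web_jit":
        host = event["host"]
        if host in state.excluded_sites:
            return True, f"JIT allowed: {host} excluded by user"
        return False, f"JIT JavaScript disabled for {host}"
    if kind == "incoming_invite":  # FaceTime calls and similar requests
        sender = event["from"]
        if sender in state.initiated_contacts:
            return True, f"invite from {sender} allowed: user contacted them first"
        return False, f"unsolicited invite from {sender} blocked"
    if kind == "wired_connection":
        if state.device_locked:
            return False, "wired connection blocked while device is locked"
        return True, "wired connection allowed while unlocked"
    if kind in ("mdm_enrollment", "configuration_profile"):
        return False, f"{kind} blocked while Lockdown Mode is on"
    # Anything the page does not describe is left to normal OS behaviour.
    return True, "no lockdown rule for this event"
```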
Apple’s candour about the extra friction Lockdown Mode adds to the user experience is helpful because it underscores what every security professional or hobbyist already knows: security is always a trade-off with usability. It is also good to see that Apple intends to let users maintain a list of websites that may still use JIT JavaScript while Lockdown Mode is active. With luck, Apple will offer similar allow-listing for trusted contacts.
Lockdown mode is significant for many reasons, not the least of which is the fact that it was developed by Apple, a business that is extremely sensitive to user opinion. It’s a major move for a company to formally admit that its clients are susceptible to the scourge of mercenary spyware.
Above all, though, the change is significant for its simplicity and concreteness. This is not security snake oil. If you want better security, learn to live without the services that pose the highest risk. Lockdown Mode is one of the first practical steps, short of switching their devices off entirely, that at-risk users can take, according to Citizen Lab researcher John Scott-Railton, who has experience counselling victims of NSO malware.
“When you notify users that they’ve been targeted with sophisticated threats, they inevitably ask ‘How can I make my phone safer?’” he wrote. “We haven’t had many great, honest answers that really make an impact. Hardening a consumer handset is really out of reach.”
Now that Apple has paved the way, it seems certain that Google will follow suit with its Android operating system, and it would not be surprising if other companies followed after. It might also spark a productive debate about widening the approach across the industry. If Apple will let users block unsolicited messages from unknown senders, why not also give them the option to switch off the built-in microphone, camera, GPS, or cellular radio?
Lockdown Mode doesn’t stop your smartphone from connecting to cellular networks and broadcasting unique identifiers like the IMEI and ICCID, at least as Apple described it on Wednesday. That is not a criticism, just a natural limitation; security is always about trade-offs.