Apple unveils feature to block spyware
Apple plans to introduce an innovative security feature to give potential targets of government hacking an easy way to make their iPhones safer.
The company said it would be releasing the new “Lockdown Mode” in test versions of its operating systems shortly, with full distribution in the fall as part of iOS 16 for iPhones as well as the operating systems for iPads and Mac computers.
The action follows waves of attacks documented by the Washington Post and others showing that iPhones were being hacked by Pegasus spyware distributed by the Israeli company NSO Group and then used to capture contact information and live audio. But while Pegasus prompted Apple to act, it is not the only spyware that would be hobbled by the new feature.
Once engaged, Lockdown Mode will block most types of attachments on messages and prevent the phone from previewing web links, which are frequently used to transmit spyware. Locking a phone will disable wired connections to computers and accessories that are used to take control of devices that have been seized by police or stolen by spies.
Apple’s lockdown tactic resolves a longstanding tension in its design approach between security concerns and the pursuit of easy-to-use, highly functional capabilities. The extra usability made the phones more vulnerable to attack through iMessage, FaceTime and other software. Lockdown Mode gives users the choice of whether to maintain those features. When activated, it limits what the phone can do.
Ivan Krstic, Apple’s head of security engineering, said that “the vast majority of users” will have no need of the high-security mode but that the company will work with security researchers to keep protecting the minority at severe risk. The more secure mode can be easily toggled on and off, but Apple said the highest-value targets would probably leave it on.
After an international consortium of news outlets reported last year that Pegasus had been used against political dissidents, human rights advocates and journalists, Apple sued NSO and issued its first sweeping notifications to those who may have been hacked by NSO’s government clients. The United States, alarmed by the pervasiveness of the spyware, placed NSO on a trade blacklist that prohibits it from doing business with American companies.
Though NSO claims it limits its buyers to governments and authorizes the spyware’s use only against terrorists and criminals, the spyware was found on a phone belonging to the wife of slain Post columnist Jamal Khashoggi, as well as those of several French cabinet ministers, the estranged wife and daughter of the ruler of Dubai, and a Saudi dissident.
Researchers at the University of Toronto’s Citizen Lab captured what they said was a new version of Pegasus last year that exploited Apple devices through iMessage without needing any action from the victim to be installed. That triggered an Apple investigation and the notifications to targets.
On a call with reporters last week, Apple representatives said those warnings have now gone to residents of 150 countries, underscoring the dramatic scale of the problem.
Citizen Lab founder Ron Deibert said that while he had not tried out the new setup, it is “along the lines of steps we have been advocating that companies can take.”