Apple Lockdown Mode protects iPhone, iPad, and Mac devices from spyware

Apple introduces a new security feature that protects devices against government spyware

State-sponsored attackers use spyware on compromised devices, so Apple is trying to prevent cyber attacks that target journalists and humanitarians.

Apple has introduced a new security feature known as Lockdown Mode. It should roll out with iOS 16 and macOS Ventura and protect high-risk individuals such as human rights defenders, journalists, and dissidents against targeted spyware attacks.[1] The optional protection feature is now available for preview in beta versions.

It is designed to counter a surge in cyber threats posed by private companies involved in state-sponsored surveillance malware.[2] Various threats are used to spy on users. The most prevalent and best known are Pegasus, Hermit, and Predator.

Lockdown Mode hardens device defenses and strictly limits certain functionality. According to Apple officials, it sharply reduces the attack surface that threat actors can exploit to deliver highly targeted mercenary spyware.[3] The feature blocks most message attachment types other than images and disables links in the Messages application.

Blocking government-backed hacker monitoring

Lockdown Mode provides protections for messaging, web browsing, and connectivity, and can block spyware backed by government-linked hacker groups. Such spyware targets particular people and is often used to monitor their devices once it is installed.[4]

Attackers like these aim to compromise devices with zero-click[5] exploits that target messaging applications such as FaceTime or WhatsApp, as well as web browsers. The feature should automatically block these system compromise attempts and the vulnerable features.

This announcement follows the earlier presentation of the new Rapid Security Response feature in iOS 16 and macOS Ventura, which aims to deploy security fixes without requiring a full operating system version upgrade. Google and Meta also offer similar software features that protect individuals' accounts from takeover attempts.

The main features of the new Lockdown Mode

  • Most message attachment types other than images are blocked. Link previews are disabled.
  • Certain web technologies, such as just-in-time JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Invitations and service requests, such as FaceTime calls, are blocked if the user has not previously sent the sender or caller a call or request.
  • Wired connections with a computer or accessory are blocked when the iPhone is locked.
  • Configuration profiles cannot be freely installed. The device cannot enroll in mobile device management while Lockdown Mode is turned on.

The configuration profile restriction prevents attacks in which particular configuration profiles are abused to sideload applications that bypass the App Store. Apple welcomes feedback from researchers and has started a new category in the Apple Security Bounty program to reward security experts who find Lockdown Mode flaws and help improve these protections. Particular bounties are doubled for findings in Lockdown Mode and reach $2,000,000, which is the maximum in the industry.

This is a serious addition to Apple security, since state-sponsored spyware attacks target devices and individuals across platforms. Apple plans to add further countermeasures to the feature in the future. The feature will not be switched on by default; it can be accessed in Settings via Privacy & Security preferences.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
