Apple on Wednesday previewed a groundbreaking security capability – Lockdown Mode – that offers specialized additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware. Apple is also providing details of its $10 million grant to bolster research exposing such threats.
“Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture, said in a statement on Wednesday. “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”
On Wednesday, Apple previewed an ingenious option it plans to add to its flagship OSes in the coming months to counter the mercenary spyware menace. The company is upfront—almost in your face—that Lockdown mode is an option that will degrade the user experience and is intended for only a small number of users.
Lockdown mode is a big deal for lots of reasons, not the least of which is that it comes from Apple, a company that’s hyper-sensitive about customer perception. Officially acknowledging that its customers are vulnerable to the scourge of mercenary spyware is a big step.
But the move is big because of its simplicity and concreteness. No security snake oil here. If you want better security, learn to do without the services that pose the biggest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling victims of NSO spyware, said Lockdown mode provides one of the first effective courses for vulnerable individuals to follow short of turning off their devices altogether.
2/ When you notify users that they've been targeted with sophisticated threats, they inevitably ask:
'How can I make my phone safer?'
We haven't had many great, honest answers that really make an impact.
Hardening a consumer handset is really out of reach.
— John Scott-Railton (@jsrailton) July 6, 2022
4/ Big companies can be *slow* to roll out higher security features.
Yet after they toe-dip as opt-in, they often realize some of these features are *also* possible for their whole user base.
Source: paper I wrote about this problem https://t.co/Z6X5Xfes62 pic.twitter.com/tcQtX4pePf
— John Scott-Railton (@jsrailton) July 6, 2022
6/ With #LockdownMode @Apple just raised the bar around what's possible.
I'm excited to see how it works out for high risk users.
There will be a learning curve & unexpected lessons.
I'm also hoping we see similar efforts from other companies.
Also, the 2x bounty = smart. pic.twitter.com/R3q36IP3GA
— John Scott-Railton (@jsrailton) July 6, 2022
8/ When features like #Lockdownmode work.. bad things don't happen.
Like vaccines.
Meanwhile, users feel frictions immediately.
Analogy: side effects.
Messaging challenge: making sure high risk users know what to expect… while believing it's still worth it.
— John Scott-Railton (@jsrailton) July 6, 2022
MacDailyNews Take: Only Apple.
Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!
Shop The Apple Store at Amazon.
Just think what my landline could do!
Ya sure! Until the feds decide to tap it.
With a warrant, that’s fine.
I guess this will test where users’ personal feature vs. privacy line is drawn. Wonder how granular you can make the settings.
Believe it or not, I have no issue with this at all. Flash and all forbidden apps should have been treated the same way.
Meaningless once “only Apple” enables CSAM, the mercenaries wet dream…