Why Apple’s lockdown mode is one of the coolest security ideas out there


Mercenary spyware is one of the most difficult threats to combat. It targets a tiny percentage of the world, making it statistically unlikely that most of us will ever see it. Because only the most influential people are chosen (think diplomats, political dissidents, and lawyers), the sophisticated malware that private companies sell to national governments has a devastating effect out of proportion to the small numbers infected.

This puts device and software manufacturers in a dilemma. How do you build something that will probably protect well under 1 percent of your user base from malware developed by companies like NSO Group, makers of zero-click exploits that instantly turn fully updated iOS and Android devices into sophisticated eavesdropping tools?

No security snake oil here

On Wednesday, Apple unveiled an ingenious option it plans to add to its flagship operating systems in the coming months to counter the mercenary spyware threat. The company is open – almost in your face – that lockdown mode is an option that hurts user experience and is only intended for a small number of users.

“Lockdown mode provides an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies that develop government-sponsored mercenary spyware,” the company said. “Turning on lockdown mode in iOS 16, iPadOS 16, and macOS Ventura further strengthens device defenses and severely restricts certain functions, greatly reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.”

As Apple says, lockdown mode prevents all sorts of protocols and services from running normally. Just-in-time (JIT) JavaScript compilation, an optimization that speeds up execution by compiling script to native code at runtime on the device, does not run at all. This is likely a defense against JIT spraying, a technique commonly used in exploits to get attacker-controlled instructions into executable memory by way of the compiler. In lockdown mode, devices also cannot enroll in mobile device management (MDM), which organizations use to install their own software and configuration.

The full list of restrictions is:

  • Messages: Most types of message attachments except images are blocked. Some features like link previews are disabled.
  • Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted website from lockdown mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked unless the user has previously sent the initiator a call or request.
  • Cable connections to a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) while lockdown mode is enabled.

It’s useful that Apple is open about the extra friction that lockdown adds to the user experience because it underscores what any security expert or hobbyist knows: security always comes with a trade-off with usability. It’s also encouraging to hear that Apple plans to allow users to allowlist the websites that are allowed to serve JIT JavaScript in lockdown mode. Fingers crossed that Apple might enable a similar Trusted Contacts allow list.

Lockdown mode is a big deal for many reasons, not the least of which is that it comes from Apple, a company very sensitive to customer perception. Official acknowledgment that its customers are vulnerable to the scourge of mercenary spyware is a big step.

But the move is great for its simplicity and concreteness. No security snake oil here. If you want more security, learn to forego the services that pose the greatest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling victims of NSO spyware, said lockdown mode offers one of the first effective courses of action that vulnerable people can follow without turning off their devices entirely.

“When you notify users that they are the target of sophisticated threats, they inevitably ask, ‘How can I make my phone more secure?’” he wrote. “We haven’t had many great, honest answers that really make a difference. Hardening a consumer phone is truly unattainable.”

Now that Apple has opened the door, it’s inevitable that Google will follow suit with its Android operating system, and it wouldn’t be surprising if other companies did the same. It could also spark a useful discussion in the industry about expanding the approach. If Apple allows users to block unwanted messages from strangers, why doesn’t it provide an option to disable the built-in microphone, camera, GPS, or cellular functionality?

One thing everyone should know about lockdown mode, at least as Apple detailed Wednesday, is that it doesn’t prevent your device from connecting to cellular networks and broadcasting unique identifiers like IMEI and ICCID. That’s not a criticism, just a natural limitation. And trade-offs are a core part of security.

So if you’re like most people, you’ll never need lockdown mode. But it’s great that Apple will offer it because it will make us all safer.