Apple announces ‘Lockdown Mode’ to counter spyware
Andrea Peterson July 6, 2022

Apple previewed a hardened “Lockdown Mode” on Wednesday that’s designed to thwart sophisticated attackers, including spyware sold to governments.

“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Ivan Krstić, Apple’s head of Security Engineering and Architecture, said in a blog post about the upcoming feature.

Lockdown Mode will be rolled out this fall with macOS Ventura, iOS 16, and iPadOS 16. The mode is optional and will greatly restrict some features, but aims to protect human rights workers and researchers by limiting available attack surface. 

At launch, Apple says Lockdown Mode will involve:

Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.

Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.

Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.

Wired connections with a computer or accessory are blocked when iPhone is locked.

Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

The company also announced it will pay out up to $2 million to researchers who report “qualifying findings in Lockdown Mode” through its bug bounty program — “the highest maximum bounty payout in the industry.”

A growing problem

For years, researchers have warned about off-the-shelf hacking tools developed by private companies and sold to governments to target human rights defenders, members of the media, and political opponents – including attacks that could compromise victims’ devices without them even clicking on anything.

Last September, University of Toronto’s Citizen Lab reported on one such “zero-click” attack targeting Apple devices researchers dubbed FORCEDENTRY — coordinating disclosure with the company’s release of a patch for the underlying vulnerability. 

The next month, Apple filed a lawsuit against NSO Group — the developer of the Pegasus hacking tool researchers identified using the exploit — and announced it would contribute $10 million, along with any damages awarded from that suit, to research and other efforts to fend off such cyberweapons.

The company also shared details on Wednesday about how that funding would be distributed, saying it expected grants to be disbursed starting later this year via the Dignity and Justice Fund, a philanthropic vehicle advised by the Ford Foundation.

Apple also announced a technical advisory committee for the Fund’s work related to cyberweapons including Citizen Lab Director Ron Deibert, Access Now’s Daniel Bedoya Arroyo, Amnesty International’s Rasha Abdul Rahim, The Engine Room’s Paola Mosso, and Krstić.

Andrea (they/them) is senior policy correspondent at The Record and a longtime cybersecurity journalist who cut their teeth covering technology policy at ThinkProgress (RIP), then The Washington Post from 2013 through 2016, before doing deep-dive public records investigations at the Project on Government Oversight and American Oversight. Their work has also been published at Slate, Politico, The Daily Beast, Ars Technica, Protocol, and other outlets. Peterson also produces independent creative projects under their Plain Great Productions brand and can generally be found online as kansasalps.