Lockdown mode: Apple closes the bulkheads for those at risk of espionage

After several espionage affairs, in which journalists, civil rights activists and even high-profile politicians, among others, were bugged via the manufacturer’s devices, Apple wants to do significantly more for security.

With the next operating system versions for iPhone (iOS 16), iPad (iPadOS 16) and Mac (macOS 13 Ventura), there is to be a new mode that seals the devices off from the outside for users who consider themselves particularly at risk. It is intended to make it harder to exploit as yet unknown security vulnerabilities in the operating systems, so-called zero days.

Apple currently specifies five different areas that are to be better sealed off when “Lockdown Mode” is active. More may be added, since the new operating systems will not appear until autumn. The Messages app (iMessage) can no longer display “most types of message attachments” in lockdown, with the exception of pictures. In addition, features such as the link preview will be disabled. This should make vulnerabilities that are reachable through attachments harder to exploit, since Apple can control pure image formats better.

In the Safari browser, whose WebKit engine is also inevitably found in every alternative web browser (e.g. Chrome and Firefox) on the iPhone and iPad, “certain complex web technologies such as just-in-time JavaScript compilation (JIT)” will no longer be available. This should reduce the attack surface. However, there will be a whitelist for trusted sites.

In the case of Apple services, “incoming invitations and service requests” from third parties with whom there has not yet been any communication should no longer be let through – this is apparently intended to make possible gaps in FaceTime unexploitable. Communication with another party is only allowed if a connection has already been established by the user. It is still unclear which apps this affects.

Apple wants to ward off dangers from physical connections via a USB-to-Lightning cable by blocking them by default in lockdown mode. Computers and accessories are no longer allowed to connect to the iPhone when it is “locked”. (The latter is somewhat confusing, however, because such connections actually already have to be approved now; details are likely to follow here as well.)

In addition, Apple has defused mobile device management (MDM), which is increasingly being misused as a gateway, in lockdown mode: no configuration profiles may then be installed, and MDM enrollment is prohibited in lockdown. All in all, these are certainly sensible measures, which Apple recommends to people “who are at risk from targeted cyber attacks by private companies with state-sponsored spy software”. But they also make the device less convenient to use.

In addition to the lockdown mode, which Apple describes as an “extreme, optional protection for the very small number of users who are exposed to serious, targeted threats to their digital security”, the group also wants to invest more money in security research and donate money.

In addition to possible compensation payments from a lawsuit against the spyware company NSO Group, 10 million US dollars are to go to non-profit organizations. According to Apple, the first donation will go to the “Dignity and Justice Fund” set up by the Ford Foundation. The private foundation is committed to “promoting justice in the world,” according to Apple. Furthermore, a new bounty under Apple’s bug bounty program will be offered solely for attacks on the lockdown mode: the sum is 2 million dollars, according to Apple “the highest bounty payout sum in the industry”.