Why Lockdown mode from Apple is one of the coolest security ideas ever

Mercenary spyware is a very difficult threat to eradicate. Most of us will never see it because it targets an infinitesimally small percentage of the world. It has a devastating effect that is far out of proportion to the small number of people that are affected.

This puts device and software makers in a bind. How do you build something to protect what’s likely well below 1 percent of your user base against malware built by companies like NSO Group, maker of clickless exploits that instantly convert fully updated iOS and Android devices into sophisticated bugging devices.

No security snake oil here

On Wednesday, Apple showed off an idea it plans to add to its flagship OSes in the coming months. Lockdown mode is an option that will degrade the user experience and is meant for a small group of users.

Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats. Lockdown Mode in iPadOS 16 and macOS Ventura reduces the attack surface that could be exploited by highly targeted mercenary spyware.

Lockdown mode disabling all protocols and services that run normally Javascript won't run at all because it's just-in-time That could be a defense against the use of JiT-spraying. In Lockdown mode, devices can't enroll in mobile device management, which is used for installing special organization specific software.

Advertisement

There are a lot of restrictions.

• Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.

• Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.

• Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.

• Wired connections with a computer or accessory are blocked when iPhone is locked.

• Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

Every security professional knows that security always results in a trade-off with user experience, which is why Apple is upfront about Lockdown. Apple plans to allow users to allow-list the sites that are allowed to serve JIT Javascript while in Lockdown mode. It would be great if Apple could allow listing of trusted contacts.

Lockdown mode is a big deal because it is from Apple, a company that is very sensitive about customer perception. It is a big step to officially acknowledge that its customers are at risk.

The move is simple and concrete. There's no security oil here. The services that pose the biggest threat should be avoided. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling victims of NSO spyware, said Lockdown mode is one of the first effective courses for vulnerable people to follow.

He wrote that when users are notified of threats, they inevitably ask how to make their phones safer. We haven't had a lot of honest answers. It's not possible to Harden a consumer phone.

3/There's a common mental barrier among big platforms & OS developers around mainstreaming high-security features.A lot of inevitable considerations, like:- Worse user experience (esp. vs. the competition!)- Breaking features

- More customer support resources required, etc.