

Mercenary spyware is one of the toughest threats to combat. It targets an incredibly small percentage of the world's population, so most of us are statistically unlikely ever to encounter it. And yet, because this complex malware selects only the most influential individuals (think diplomats, political opponents, and lawyers), it has a devastating effect that is far out of proportion to the small number of people affected.
This puts device and software makers in a quandary. How do you build something to protect less than 1 percent of your user base against malware created by companies like NSO Group, the maker of clickless exploits that instantly turn fully updated iOS and Android devices into sophisticated surveillance tools?
There is no security snake oil
On Wednesday, Apple previewed a smart option that it plans to add to its flagship OSes in the coming months to counter the mercenary spyware threat. The company is up front, almost in your face, that Lockdown Mode is an option that will degrade the user experience and is intended for only a small number of users.
“Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most complex digital threats, such as those from NSO Group and other private companies creating state-funded mercenary spyware,” the company said. “Enabling Lockdown Mode on iOS 16, iPadOS 16, and macOS Ventura further tightens device defenses and severely restricts certain functions, sharply reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.”
As Apple says, Lockdown Mode disables a variety of protocols and services that normally run. Just-in-time (JIT) JavaScript, an innovation that speeds up performance by compiling code on the device while it is running, will no longer run. This is likely a defense against JIT spraying, a common technique used in malware exploitation. While in Lockdown Mode, devices also cannot enroll in what is known as mobile device management, which is used to install organization-specific software.
The full list of restrictions is as follows:
- Messages: Most message attachment types other than images are blocked. Some features, such as link previews, are disabled.
- Web browsing: Some sophisticated web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming calls and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- Wired connections with a computer or accessory are blocked when the iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot enroll in mobile device management (MDM), while Lockdown Mode is enabled.
It’s useful that Apple is up front about the additional friction Lockdown Mode adds to the user experience, because it highlights what every security professional or enthusiast knows: Security always results in a trade-off with usability. It’s also encouraging to hear Apple’s plans to let users allowlist sites that are permitted to serve JIT JavaScript while in Lockdown Mode. On top of that, Apple could enable a similar allowlist for trusted contacts.
Lockdown Mode is a big deal for a number of reasons, not least because it comes from Apple, a company that is very sensitive to customer perceptions. Officially acknowledging that its customers are at risk from mercenary spyware is a big step.
But the move is also big because of its simplicity and concreteness. There is no security snake oil. If you want better security, learn to do without the services that pose the biggest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about advising NSO spyware victims, said Lockdown Mode provides one of the first effective courses for vulnerable individuals to follow short of completely shutting down their devices.
“When you alert users that they have been targeted with complex threats, they definitely ask, ‘How can I protect my phone?’” he wrote. “We don’t have many great, honest answers that really make an impact. Tightening a consumer handset is really out of reach.”
3/ There is a common mental barrier among major platforms and OS developers around mainstreaming high-security features.
Many unavoidable ideas, such as:
– Bad user experience (e.g. competition!)
– Breaking characteristics
– More customer support resources are needed, and so on.
– John Scott-Railton (jsrailton) July 7, 8
Now that Apple has opened the door, it is inevitable that Google will follow suit with its Android OS, and it will come as no surprise if other companies also fall in line. This may also start a useful discussion in the industry about expanding the approach. If Apple allows users to disable unsolicited messages from unknown people, why can’t it provide an option to disable the built-in microphone, camera, GPS, or cellular capabilities?
One thing everyone should know about Lockdown Mode, at least as explained by Apple on Wednesday, is that it does not prevent your device from connecting to cellular networks and broadcasting unique identifiers such as the IMEI and ICCID. This is not a criticism, just a natural limitation. And trade-offs are a key part of security.
So if you’re like most people, you will never need Lockdown Mode. But it’s great that Apple will offer it, because it will make all of us safer.