
Apple's new Lockdown Mode to secure devices against Pegasus-like attacks

Photo Credit: Pixabay
7 Jul, 2022

Apple has announced a new security feature called Lockdown Mode to protect its users from state-sponsored spyware. The new feature is currently under preview and will be available after September with iOS 16, iPadOS 16, and macOS Ventura, the company added. 

Apple said it will continue to strengthen the new mode and add new features to it. Part of the strengthening process is finding weaknesses. To that end, Apple has announced a new bug bounty program for researchers who can find loopholes in Lockdown Mode and help the company fix them. The reward for the program will go up to $2 million, which is one of the highest bug bounty payouts in the industry.

Lockdown Mode will be optional and will add a layer of security for users by limiting certain functionalities on the device that could be exploited by spyware, reducing the attack surface.


For instance, in Messages, this mode will block all attachments except images. Link previews will also be disabled. During web browsing, just-in-time (JIT) JavaScript compilation will be disabled unless the user decides to exclude a trusted site from this mode. This would prevent devices from getting hacked through malicious JavaScript code.

In certain Apple services, incoming requests such as FaceTime calls will also be blocked if the recipient has not interacted with the sender before. This will prevent users from receiving requests from unknown senders.

In addition, all wired connections with a PC or accessory will be blocked when the iPhone is locked. When Lockdown Mode is on, installation of configuration profiles will not be allowed and devices cannot enroll in mobile device management (MDM).


“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstic, head of Security Engineering and Architecture at Apple. 

Krstic added that his company will continue to design defenses specifically for these users, and also support researchers and organizations around the world that are working on exposing mercenary companies that are enabling these spyware attacks. 

To support such organizations, Apple has set aside a $10 million grant in addition to the money it gets in damages from the lawsuit against NSO Group. Apple filed a lawsuit against NSO Group and its parent company OSY Technologies last November for supplying the Pegasus spyware that was later used to target Apple customers in several countries.


Apple had said at the time that it would provide a $10 million grant. The company has now shared more details on how the grant will be used.

The grant will be provided to the Dignity and Justice Fund established and advised by the Ford Foundation. The first grants will be made in late 2022 or early 2023 and will be directed towards organizations working on developing and standardizing forensic methods to detect spyware, increasing awareness among journalists and policymakers about the spyware industry, and enabling civil society to partner with device manufacturers and security firms. 

According to the findings of the Pegasus Project, NSO Group sells its spyware to several governments, who use it to spy on lawyers, activists, political leaders, and journalists. Around 174 people in India are believed to have been targeted by the spyware.  
