Apple’s Lockdown Mode: a decent attempt, but no panacea

The tech giant’s newly introduced capacity to manually limit a device’s attack surface is a step in the right direction, but Lockdown Mode will hardly protect a victim from dedicated nation-state attackers in the long run.

Apple recently announced that a new version of its operating system (OS) would be equipped with a Lockdown Mode. The company calls it extreme and optional protection for the very small number of users “who face grave, targeted threats to their digital security.”

Apple developed the feature to help activists, journalists, and stakeholders protect against spyware, such as the infamous Pegasus software. Created by the NSO Group, the spyware specifically targeted Apple devices, which led the company to sue the Israeli spyware developer.

Apple's Lockdown Mode visualization. Image by Apple. Edited by Cybernews.

Understanding the do’s and don’ts

While additional security measures are an important step in the right direction, it’s vital that users understand what the Lockdown Mode does and doesn’t do, says Brian Contos, chief security officer of Phosphorus Cybersecurity.

“Ultimately, this feature strips the device OS of a lot of functionality and features that attackers can exploit – so it’s basically about reducing the device’s attack surface. This is not adding advanced new features for detecting or preventing malware and zero-day attacks,” Contos explained to Cybernews.

For example, the new feature prohibits the installation of configuration profiles, a common method attackers use to install malware on a victim’s device. Reducing the attack surface this way, however, inevitably affects the device’s overall usability.

This raises a question. Dr Chris Pierson, CEO of cybersecurity firm BlackCloak, wonders whether the users who should have Lockdown Mode activated will actually choose to do so. The people the feature is meant to protect – journalists and activists – have little use for a partly bricked phone.

“The key will be the implementation of these controls and whether they are either all on or off or if the user can tailor the experience for themselves,” Pierson said.

One of the key advantages of the Lockdown Mode could be an increased barrier for attackers, according to Daniel Trauner, Senior Director of Security at Axonius. Assuming that targets have the new feature activated, threat actors would have to dedicate time and resources to squeeze their way in via a reduced attack surface.

“Apple is realistic in knowing that Lockdown Mode won’t stop all attacks – that’s impossible – but it does put forth a commendable effort in disabling parts of the total attack surface that have traditionally contained the most zero-click exploit primitives. This drives the cost of a successful attack way up, which is meaningful to many threat actors,” Trauner explained.

This won’t clip Pegasus’ wings

Apple engineers seem confident in the reliability of Lockdown Mode. The company will offer a $2 million bug bounty program, signaling its expectation that only advanced, well-resourced attackers would be able to penetrate Apple’s defenses.

However, those are precisely the threat actors the feature is meant to protect against. While Lockdown Mode may defend against sophisticated spyware such as Pegasus at first, that advantage can quickly wear off.

“The reality is that nation-state hackers, who are the real focus of this new Apple protection, are going to review this software update just like every other developer. They are going to test it out, poke it and prod it, and figure out new ways to work around it,” Contos said.


High-stakes cyber threats never stop evolving, and the people behind prominent advanced persistent threat groups are likely already looking for workarounds to the soon-to-be-released feature. Eventually, they will find a way in.

Developers of military-grade spyware generally rely on zero-day vulnerabilities, flaws that are by definition unknown to the vendor and therefore unpatched, Pierson thinks. As long as threat actors keep discovering zero-days, Pegasus-like spyware will remain prominent.

“While Lockdown Mode will certainly benefit higher-risk users with added security on their iPhones, this should not be seen as a panacea for all cybersecurity risks to those devices. Targeted attacks will continue, and high-profile users will face new threats,” Pierson explained.

VIPs only

Since the Lockdown Mode will roll out with the new version of Apple’s operating system, all users will have access to a heightened device security level. Few, however, will benefit from it, says Russell Kent-Payne, the director of mobile security firm Certo.

“While it will offer some extra protection for everyday users, it will do little to stop things like commercial spyware or stalkerware, which are the sort of threats that most people are far more likely to encounter,” Kent-Payne explained.

Few will sacrifice their device’s functionality for security. Nor should they, as most users will never be targeted by sophisticated state-sponsored hackers.

“Instead, most users should continue to focus on essential elements of cyber-hygiene, including enabling strong MFA [multi-factor authentication] whenever possible, avoiding password reuse across services, and installing security updates as soon as they are available,” Trauner said.
