One of the rules malware creators have always followed is to target the biggest audience possible. That’s one of the reasons there are fewer viruses and malware for MacOS versus Windows. It’s a simple matter of Windows holding a larger share of the market. On mobile though, Apple has a massive global footprint. This offers bad actors and malware creators a big, juicy target. This can lead to embarrassing situations for Apple along with gross violations of its users’ privacy. For example, several years ago the NSO Group from Israel famously targeted Apple’s handset with its Pegasus spyware. It was eventually revealed that it had been inconspicuously installed on the phones of journalists, activists, and business leaders around the world. This activity resulted in a lawsuit by Apple, and also helped lead to its newest security feature: Lockdown Mode.
This new security feature is optional, and it will be available this fall in iOS 16, iPadOS 16, and Ventura MacOS. Apple says it developed it for the very small number of users who might need it based on what they do, or who they are. It’s designed to offer protection from the most sophisticated malware in the world. That includes state-sponsored malware, which Apple calls “mercenary spyware.” Apple says it will “harden defenses” while reducing attack vectors via strict limitations on what the phone can do.
When enabled, it will impose the following restrictions:
- Messages: Most attachments other than images will be blocked. It also won’t allow link previews. This was how Pegasus was installed, via text message. A lot of malware is deployed this way, asking the user to click a link in a text.
- Apple Services: Incoming service requests are blocked by default. This includes FaceTime calls. The user has to initiate all such requests.
- When the phone is locked, it will refuse all wired connections. This includes to computers and accessories. This is likely in response to the OMG Cable that could steal user data when plugged into the phone.
- Configuration profiles are blocked from installation. The device also cannot be enrolled in Mobile Device Management (MDM). This is a feature IT uses to deploy profiles and to send commands to phones in an organization remotely.
Apple says it will continue to add new features to Lockdown Mode over time. In addition, it is doubling its usual bounty for anyone who can penetrate a phone with it enabled. Apple is offering up to $2,000,000 to anyone who can breach its device in this mode. It says this is the highest bounty available in the industry right now.