Extreme Security for Users Targeted by Cyberattack

Using Lockdown Mode on an Apple device will block most attachment types in the Messages app and most incoming FaceTime calls, and wired connections to computers or accessories will be disabled.

On July 6, Apple announced a bold new feature across its devices, one designed to protect a small number of users from targeted (and potentially state-sponsored) cyberattacks.

The feature, Lockdown Mode, will be available in the company's upcoming iOS 16, iPadOS 16, and macOS Ventura updates. Lockdown Mode is an optional additional security mode to combat advanced digital attacks, "such as those from private companies developing state-sponsored mercenary spyware," according to a release by the company.

That means preventing targeted attacks from malware and spyware developed by companies like NSO Group, a firm specifically called out in the release.

NSO Group claims to provide intelligence technology that is used by governments to combat terror threats. However, the company has generated significant controversy for how its products are used (and abused). In one high-profile example, NSO Group's Pegasus spyware played a role in the state-sponsored murder of Saudi Arabian journalist Jamal Khashoggi. Apple is currently suing the company for surveilling Apple users with spyware.

To prevent sophisticated cyberattacks, Lockdown Mode takes some extreme security precautions. When enabled, it restricts most message attachments and disables several common web browsing technologies like just-in-time JavaScript. Lockdown Mode also blocks incoming FaceTime calls from unknown sources, and wired connections to an iPhone when it's locked. It stops anyone from installing configuration files or enrolling in mobile device management.

These features are designed to counter typical avenues used by sophisticated private or state-sponsored actors to compromise devices, says Betsy Sigman, director of Assessment and Analytics for the McDonough School of Business at Georgetown University. "The new security architecture decreases the likelihood that a severe attack on a system could occur by shutting down ways that have worked in the past."

Apple acknowledges Lockdown Mode is extreme security designed for a very small number of users who are being targeted by sophisticated actors. The company also admits Lockdown Mode will negatively impact the user experience with any device on which it is used, since it restricts the usage of key features in the interests of security.

That's the exact opposite of the company's typical playbook, says security expert Bruce Schneier. "What Apple has done here is really interesting. It's common to trade security off for usability, and the results of that are all over Apple's operating systems. What they're doing with Lockdown Mode is the reverse: they're making every decision in favor of security over usability. The result is a user experience with a lot fewer features, which also means a much smaller attack surface."

It's a very considered approach from the tech giant, says Susan Landau, a professor of cybersecurity and policy at Tufts University. "Users can shut off Lockdown when they trust the source, but when they're using it they are well-protected—and much better protected than if the user tried to do such security on their own."

But can Lockdown Mode actually go toe-to-toe with the world's most sophisticated cyberattackers?

Schneier thinks so. "There aren't a lot of people who need Lockdown Mode, but it's an excellent option for those who do."

Landau agrees. "Yes [it is a reliable form of security], though no form of security is foolproof unless you disconnect the device from all forms of communication," she says.

Apple is investing to make sure that Lockdown Mode keeps up with new threats. The company plans to add new features regularly. It's also offering bounties of up to $2 million to any researcher who finds exploits in Lockdown Mode. That's double the upper limit that the company typically offers to researchers who find ways to hack its software and hardware.

Further, the company has announced a $10-million grant to fund organizations that work to counter cyberattacks. (Apple has stated it will contribute money to the grant from any damages it receives from the pending lawsuit against NSO Group.)

Even though Lockdown Mode isn't yet available, it's likely to have significant implications for Apple and for leaders of countries when it is, says Sigman.

"For Apple, it burnishes its already-strong reputation as a leader in digital privacy and security," she says. "For countries and their officials, Lockdown will be useful for protection in ever-changing and dangerous circumstances."

Lockdown Mode might not only be valuable for political figures and dissidents, either. The corporate world has plenty of use cases for the technology, says Sigman.

"The importance of solving security problems for energy, high tech, finance, the supply chain, and other vital sectors is crucial. High-level executives in these fields could benefit from the security features of Lockdown Mode."

Logan Kugler is a freelance technology writer based in Tampa, FL, USA. He has written for over 60 major publications.

Communications of the ACM (CACM) is now a fully Open Access publication.
