Apple CEO Tim Cook delivers a speech during the European Union Privacy Conference at the European Parliament in Brussels, Belgium, October 24, 2018.
yves herman | Reuters
Apple on Wednesday announced a new feature for iPhones called Lockdown Mode to protect high-level users such as politicians and activists from state-sponsored hackers.
Lock mode disables several iPhone features to make it less vulnerable to spyware by significantly reducing the number of features attackers can access and potentially hack.
The tech giant will pay up to $2 million to researchers who find a security flaw in lockdown mode.
The announcement comes months after revelations that state-sponsored hackers had the ability to hack recent iPhone models with “zero-click” attacks distributed via text messages. These attacks can succeed even if the victim does not click on a link.
The iPhone maker has faced increasing calls from governments to fix the problem. In March, US lawmakers pressed Apple on details of the attack, including whether it could detect them, how many had been discovered, and when and where they happened.
Most hackers are financially motivated and most malware is designed to trick a user into giving up valuable information like a password or giving the attacker access to financial accounts.
But state-sponsored attacks targeted by lockdown mode are different: they use very expensive tools sold directly to law enforcement or sovereign governments, and use undiscovered bugs to gain a foothold in the operating system. from the iPhone. From there, attackers can do things like control its microphone and camera, and steal the user’s browsing and communication history.
Lockdown mode is for the small number of people who think they may be targeted by a state-sponsored hacker and need an extreme level of security. Victims targeted by military-grade spyware include journalists, human rights activists and business executives, according to The Washington Post. Spyware has also reportedly been used to target public officials, including a French minister and Catalan separatist leaders in Spain.
“While the vast majority of users will never fall victim to highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstić, engineering and architecture manager at security at Apple, in a press release.
There are several types of mercenary spyware, but the most well-known version is Pegasus, which was developed by NSO Group in Israel. Recently, researchers from the University of Toronto and Amnesty International discovered and documented versions of this type of spyware targeting iPhones.
NSO Group has previously said its technology is used legally by governments to fight pedophiles and terrorists.
NSO Group is hated by big tech companies, especially Apple, which markets its devices as more secure than the competition. Apple sued the NSO Group last year, claiming it was malicious and harmed Apple’s business. Facebook parent company Meta is also suing NSO Group over its alleged WhatsApp hacking efforts.
Last November, the US Commerce Department blacklisted NSO Group, barring US companies from doing business with it, one of the strongest measures the US government can take to hit foreign companies.
Apple says the vast majority of the 1 billion iPhone users will never be targeted. Mercenary spyware like Pegasus can cost hundreds of millions of dollars, Apple says, so the tools are valuable and only used to target a small number of users. Once new versions of spyware are discovered, Apple fixes the bugs they use, rendering the original exploits ineffective and forcing vendors like NSO Group to reconfigure how their tools work.
Lockdown mode won’t be enabled by default, but can be activated from iPhone Settings with a single click, Apple said. It will also be available for iPad and Mac.
The new feature will be available for testing on an iOS beta this week ahead of its planned large-scale release in the fall.