Apple's New Lockdown Mode for iPhone Fights Hacking:
Apple for years has marketed its iPhones, iPads and Mac computers as the most secure and privacy-focused devices on the market. Last week, it bolstered that effort with a new feature coming this fall called Lockdown Mode, designed to fight targeted hacking attempts such as the Pegasus malware, which some governments reportedly used on human rights workers, lawyers, politicians and journalists around the world. Apple also announced a $10 million grant and up to $2 million bug bounty to encourage further research into this growing threat.
The tech giant said that Lockdown Mode is designed to activate "extreme" protections to its phones, such as blocking attachments and link previews in messages, potentially hackable web browsing technologies, and incoming FaceTime calls from unknown numbers. Apple devices will also not accept accessory connections unless the device is unlocked, and people can't install new remote management software on the devices while they're in Lockdown Mode as well. The new feature is already available in test software being used by developers this summer and will be released for free publicly in the fall as part of iOS 16, iPadOS 16 and MacOS Ventura. Here's how to use Apple's Lockdown mode on an iPhone.
[...] The company's efforts to enhance its device security comes at a time when the tech industry is increasingly confronting targeted cyberattacks from oppressive governments around the world. Unlike widespread ransomware or virus campaigns, which are often designed to indiscriminately spread furthest and quickest through homes and corporate networks, attacks like those using Pegasus are designed for quiet intelligence gathering.
Apple representatives said the company sought to find a balance between usability and extreme protections, adding that the company is publicly committing to strengthening and improving the feature. In the most recent iteration of Lockdown Mode, which is being sent to developers in an upcoming test software update, apps that display webpages will follow the same restrictions that Apple's apps follow, though people can preapprove some websites to circumvent Lockdown Mode if needed. People in Lockdown Mode will also have to unlock their device before it'll connect with accessories.
[...] Ron Deibert, a professor of political science and director of the Citizen Lab cybersecurity researchers at the Munk School of Global Affairs and Public Policy at the University of Toronto, said he expects Apple's Lockdown Mode will be a "major blow" to spyware companies and the governments who rely on their products."
All of these "extreme" security measures sound as profound as disabling autorun for executables on Windows, which is to say that they should have been the default from the beginning! [--hubie]
(Score: 4, Insightful) by corey on Thursday July 14 2022, @11:42PM (2 children)
Sounds like I’ll have this turned on all the time then, this should be standard on by default.
(Score: 2) by Mykl on Thursday July 14 2022, @11:54PM
It sounds like some web pages will have trouble running, but they're probably the bits of the page you won't miss anyway (most likely the advertising components). Interesting that you seem to be able to switch this off on a per-site basis.
I agree that these sound like sensible defaults for most people. There was nothing in the list that would seriously limit my everyday use of the device if switched on.
I do wonder how confident Apple are about shutting out malware and state actors with these measures though - I'm sure there are still zero-days that will allow for circumvention. More to the point, users will presumably want to start with a blank device if they are truly paranoid, rather than locking down a device that has possibly already been pwned.
(Score: 2) by RedGreen on Friday July 15 2022, @02:18AM
"Sounds like I’ll have this turned on all the time then, this should be standard on by default."
Indeed this was my first thought when I read it, why not all the time already. They always go on about how secure their OS is now they list all the holes they leave wide open all the time and to top it off they are going to make it opt in to get full protection, so much for security.
"I modded down, down, down, and the flames went higher." -- Sven Olsen
(Score: 1, Interesting) by Anonymous Coward on Thursday July 14 2022, @11:49PM (1 child)
If executables in any form are still being accepted as data, this is just another marketing, not an engineering, solution.
(Score: 0) by Anonymous Coward on Friday July 15 2022, @01:27AM
Submitter here. I read this one, started to close it, thought about it, started to close it. Looks a lot like marketing hype, but, I subbed it anyway. The ideas sound good.
(Score: 5, Troll) by coolgopher on Friday July 15 2022, @12:20AM (1 child)
If they're not blocking JavaScript by default, are they even trying? Sounds like marketing spin mostly.
(Score: 3, Insightful) by coolgopher on Friday July 15 2022, @01:51AM
Troll? Really? Give me any example of where running random code on a system is a good idea? You can sandbox it all you want, but it'll only slow them down. We need to stop mixing data with code if we're going to have any real chance at securing things to a reasonable level.