‘Lockdown Mode’ is Apple’s latest feature for iOS 16, iPadOS 16 and macOS Ventura. The feature–which will be optional–is aimed at fighting ‘mercenary’ spyware such as Pegasus and Hermit. But what exactly is Lockdown Mode, and when will Apple release it? What exactly will it do when activated. We answer all your questions.
Is Lockdown mode available right now?
Lockdown Mode is not available on iOS, iPadOS or macOS right now. It will be once the new software starts rolling out in September after the iPhone 14 series. However, reports indicate that the Apple iOS 16 developer beta 3 does have Lockdown Mode as part of it. Installing the developer beta requires a developer account if you are itching to try this out. The public beta for iOS 16 is expected to roll out next week, according to some leaks. We will have to wait and see if the public beta includes this feature or not.
Will Lockdown Mode be turned on by default?
It will not be turned on by default. This is an ‘optional’ level of security, which even Apple says is an ‘extreme’ one and aimed at very few users. It is not clear if users will be able to turn the Lockdown Mode off once they do opt-in, but it will likely be the case.
So who should use Lockdown Mode?
This is meant to secure the devices of those users who are likely to find themselves targeted by sophisticated mercenary spyware. This could be journalists, activists, dissidents, politicians, etc in countries who have a reasonable fear of surveillance. The Lockdown Mode will also be aimed at reassuring those who have been targeted with Pegasus, Hermit and other such spyware in the past and might have found out that their devices were compromised.
Of course, if you as a user are extremely worried about security and privacy, you can always turn it on, once it does become available. But remember it will also curtail some features on the device.
So what will Lockdown Mode really do?
Apple says this will enhance security and might restrict some functions and services. Once activated, the following changes take place, according to Apple’s press statement.
Messages: Most message attachment types other than images are blocked on the app. Some features, such as rich link previews, will be disabled when shared on Messages. This is important, because vulnerabilities in the Messages app have been exploited in the past by spyware vendors to gain further access to the device.
Apple services: Apple will not allow incoming invitations and service requests, including FaceTime calls from strangers. Meaning if “the user has not previously sent the initiator a call or request,” no FaceTime call or request will go through.
No wired connections with a computer or accessory when the iPhone is locked.
Configuration profiles cannot be installed on the device when it is in this mode. This would mean that VPN profiles, which users need to install to access these services, would not be possible in this mode. Further, Apple notes that the “device cannot enrol into mobile device management (MDM), while Lockdown Mode is turned on.” This is a mode often used by enterprises or organisations on employee devices to install their own apps, profiles, etc. The recent Hermit spyware case showed that hackers exploited certifications given to ‘enterprise apps’ to bypass the App Store and sideload compromised apps on victims’ devices.
Apple also states it will continue to add more features to Lockdown mode. It is also inviting researchers and cyber security experts to help improve this mode and find flaws in it.
Why is Apple introducing this? Weren’t iPhones best at security?
While Apple’s iPhones are considered more secure compared to Android, the past few years have shown they are still vulnerable to sophisticated attacks. Especially in the case of Pegasus and Hermit, it is clear that neither Apple’s security nor Google’s was enough. As Apple itself notes, this mode is aimed at dealing with the issue of “highly targeted mercenary spyware.” In this case, the victims are a select few–very often chosen carefully by the states which have deployed such spyware with the help of companies that license these for a large sum. The spyware is installed with the aim of surveillance and in some cases to plant false evidence against them.
Such spyware is built by private companies, such as NSO Group–known for Pegasus or RCS Lab– believed to have deployed Hermit. The license for such spyware typically costs millions of dollars. In the case of Pegasus, extensive research by Amnesty International and Citizen Lab– which is part of the Toronto University’s Munk School of Global Affairs & Public Policy– showed that Apple’s latest iPhones had been compromised.
In Hermit’s case, Google suspects the attackers decided to exploit Apple’s instructions on the distribution of proprietary in-house apps on its devices. So the spyware vendor likely created a front or shell company where it managed to get certification for an ‘enterprise app’ from Apple. This app could then be sideloaded while bypassing the App Store.
Apple only allows this for enterprise apps, which have managed to get such certifications. And to get this certification would have required a larger operation. It has been reported that Apple later pulled certifications for such apps, once Google’s Threat Analysis Group revealed the operations. The app was never available on the App Store, according to security researchers.
As it has been pointed out before, spyware vendors are constantly trying to find new methods, exploits to infiltrate devices, be it Apple’s iPhone, an Android phone or a laptop. Apple’s Lockdown Mode is just one attempt to stay ahead of the problem. Lockdown Mode is, of course, not a foolproof solution, and it will be expand further in the future.