Apple unveils new Lockdown Mode in iOS 16 to fight off state-sponsored cyber attacks

The iPhone maker is also offering up to $2m in bounty rewards for those who find vulnerabilities in this new feature

Apple says Lockdown Mode will limit certain functions on phones, making cyber attacks on the devices more difficult. AP
Beta V.1.0 - Powered by automated translation

Apple announced a security feature in its forthcoming software updates to help protect users from state-sponsored cyber attacks.

Lockdown Mode — which Apple says is the first major capability of its kind — will be integrated into iOS 16, iPadOS 16 and macOS Ventura, which are expected to be launched in September along with the next iteration of the iPhone.

The feature offers an optional but “extreme” level of security for the expected very few users who may be the targets of digital threats from companies developing state-sponsored mercenary spyware.

Turning on Lockdown Mode on iPhones, iPads or Macs will limit certain functions, reducing scope for vulnerability to an attack surface.

The feature is an “extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security”, Apple said.

While the company acknowledges that most of its users are unlikely to be hit with such a cyber attacks of such a high degree, the move shows that it is taking no chances.

“While the vast majority of users will never be the victims of highly targeted cyber attacks, we will work tirelessly to protect the small number of users who are,” Ivan Krstić, Apple’s head of security engineering and architecture, said in the Apple newsroom release.

Apple introduced Lockdown Mode to protect users from state-sponsored cyber attacks.

“That includes continuing to design defences specifically for these users, as well as supporting researchers and organisations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

State-sponsored cyber attacks are those carried out by criminals who are directly linked to or sponsored by a nation-state, and their main aims are to gather intelligence, exploit vulnerabilities in national infrastructure and extortion.

Apple's Lockdown Mode at a glance

At launch, Lockdown Mode will include the following protections:

Messages: Most attachment types other than images are blocked. Some features, like link previews, are disabled

Web browsing: Certain complex web technologies, like just-in-time JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode

Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request

Connectivity: Wired connections with a computer or accessory are blocked when an iPhone is locked

Configurations: Configuration profiles cannot be installed, and the device cannot enroll into mobile device management while Lockdown Mode is on

Among the segments that are at risk from these threats are public services and utilities, companies with active government contracts, local government entities, high-value companies, businesses known to handle sensitive information, organisations that could be severely affected by IT downtime and businesses with offices or operations in a potentially volatile region, according to Florida-based IT risk management firm Securance Consulting.

Cyber attacks are on the rise, with perpetrators finding more ways to trick unsuspecting victims. Global damage inflicted by such attacks was estimated to cost about $20 billion in 2021, up fourfold from $5bn in 2017, and far higher than $325 million in 2015, according to industry publication Cybersecurity Ventures.

The costs of cyber attacks are projected to rise to $42bn by 2024, $71.5bn by 2026, $157bn in 2028, and $265bn by 2031, the report said.

State-sponsored attacks pose significant risks, and such high threats are contributing towards increased spend on cyber security: the global industry is projected to grow from $125.5bn in 2020 to $198bn in 2025, according to analytics company GlobalData.

Apple said it will continue to update Lockdown Mode by adding more protection over time. It also created a category within the Apple Security Bounty programme to reward researchers who find Lockdown Mode bypasses and bugs, with bounties doubled up to a maximum of $2m — the highest possible bounty payout in the industry.

Apple also announced that it is making a $10m grant to support organisations that investigate, expose and prevent highly-targeted cyber attacks, the statement said.

The grant will be made to the Dignity and Justice Fund established and advised by the Ford Foundation and designed to pool philanthropic resources to advance social justice globally.

Updated: July 09, 2022, 4:03 PM
Apple's Lockdown Mode at a glance

At launch, Lockdown Mode will include the following protections:

Messages: Most attachment types other than images are blocked. Some features, like link previews, are disabled

Web browsing: Certain complex web technologies, like just-in-time JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode

Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request

Connectivity: Wired connections with a computer or accessory are blocked when an iPhone is locked

Configurations: Configuration profiles cannot be installed, and the device cannot enroll into mobile device management while Lockdown Mode is on

NEWSLETTERS
MORE FROM THE NATIONAL