Apple’s new Lockdown Mode defends against spyware


Apple has announced a new security feature called Lockdown Mode that will roll out with iOS 16, iPadOS 16, and macOS Ventura to protect high-risk individuals like human rights defenders, journalists, and dissidents against targeted spyware attacks.

When the new Lockdown Mode is enabled, it will provide Apple customers with messaging, web browsing, and connectivity protections designed to block mercenary spyware like NSO Group’s Pegasus, which government-backed hackers use to monitor targets' Apple devices after infecting them with malware.

Threat actors' attempts to compromise Apple devices using zero-click exploits targeting messaging apps such as WhatsApp and FaceTime or web browsers will be automatically blocked, since vulnerable features like link previews will be disabled.

The tech giant stated that turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.

The first version of Lockdown Mode will include protections for multiple operating system features exposed to attacks, including:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Some complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM) while Lockdown Mode is turned on.

Apple has also established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections.

Bounties are also doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000, the highest maximum bounty payout in the industry.

It is important to note that the feature will not be switched on by default, but can be accessed by heading to Settings > Privacy & Security > Lockdown Mode.

Ivan Krstić, Apple’s head of Security Engineering and Architecture, stated that Lockdown Mode is a groundbreaking capability that reflects their unwavering commitment to protecting users from even the rarest, most sophisticated attacks.

