The action follows waves of attacks documented by the Washington Post and others showing that iPhones were hacked by Pegasus spyware distributed by Israeli company NSO Group and then used to capture contact information, email and live audio. But while Pegasus has prompted Apple to take action, it’s not the only spyware that would be hampered by the new feature.
Once enabled, Lockdown mode will block most types of message attachments and prevent the phone from previewing web links, which are frequently used to deliver spyware. Locking down a phone will disable wired connections to computers and accessories used to take control of devices that have been seized by police or stolen by spies.
Apple’s lockdown tactic resolves a longstanding tension in its design approach between security concerns and the pursuit of easy-to-use, highly functional capabilities. The added usability has made the phones more vulnerable to attacks via iMessage, FaceTime and other software. Lockdown mode gives users the choice whether or not to retain these features. When enabled, it limits what the phone can do.
Ivan Krstić, head of security engineering at Apple, said “the vast majority of users” won’t need high-security mode, but the company will work with security researchers to continue protecting the high-risk minority. The most secure mode can be easily toggled on and off, but Apple said the highest value targets are likely to leave it on.
After The Post and an international media consortium reported last year that Pegasus had been used against political dissidents, human rights defenders and journalists, Apple sued NSO and issued its first sweeping notices to those that could have been hacked by NSO’s government customers. The United States, alarmed by the ubiquity of spyware, has placed NSO on a trade blacklist that prohibits it from doing business with American companies.
Although NSO says it limits its buyers to governments and only allows the spyware to be used against terrorists and criminals, the spyware was found on a phone belonging to the wife of the slain Post columnist Jamal Khashoggi, as well as those of several French ministers, the former wife and daughter of the ruler of Dubai and Saudi dissident.
Researchers at the University of Toronto’s Citizen Lab last year captured what they said was a new version of Pegasus that exploited Apple devices via iMessage without requiring any action from the victim to install. This triggered an Apple investigation and target notifications.
In a call with reporters on Tuesday, Apple representatives said those warnings have now been issued to residents of 150 countries, underscoring the dramatic scale of the problem.
Citizen Lab founder Ron Deibert said that while he hasn’t tried the new setup, it’s “in line with the steps we’ve advocated for companies to take.”
“Anything that can reduce the attack surface is something we really appreciate,” he said.
Apple has pledged to donate any damages it wins in its lawsuit against NSO to efforts to expose and mitigate the impact of spyware. In Wednesday’s announcement, Apple said an initial $10 million grant it promised to give went to the Dignity and Justice Fund, which is advised by the Ford Foundation.
The fund will benefit from the technical advice of a committee made up of Krstić, Deibert and experts from Amnesty International, which cooperated in the Pegasus project last year, and the advocacy group Access Now.
The Ford Foundation’s Lori McGlinchey said she hoped to direct the money to help new anti-spyware efforts in several areas and “help empower the global cyberweapons trade.”
As an example, McGlinchey cited efforts to lobby software company shareholders against support for unethical conduct.