Why Apple's Lockdown Mode is one of the most interesting security ideas ever produced

Mercenary spyware is one of the most difficult threats to combat. It targets an infinitesimally small percentage of the world, which makes it statistically unlikely that most of us will ever see it. And yet, because this sophisticated malware targets only the most influential people (think diplomats, political dissidents, and lawyers), it has a devastating effect that is far out of proportion to the small number of people infected.

This puts device and software makers in a bind. How do you build something to protect what is probably well below 1 percent of your user base against malware created by companies like NSO Group, maker of zero-click exploits that instantly turn fully updated iOS and Android devices into sophisticated bugging devices?

There is no security snake oil here

On Wednesday, Apple unveiled an ingenious option it plans to add to its flagship operating systems in the coming months to counter the threat of mercenary spyware. The company is candid, almost bluntly so, that Lockdown Mode is an option that will degrade the user experience and is intended for only a small number of users.

“Lockdown Mode offers an extreme and optional level of security for the few users who, because of who they are or what they do, can be personally targeted by some of the most sophisticated digital threats, such as those of the NSO Group and other private companies that develop state-sponsored mercenary spyware,” the company said. “Enabling Lockdown Mode on iOS 16, iPadOS 16 and macOS Ventura further tightens the device’s defenses and strictly limits certain features, drastically reducing the attack surface that could be exploited by highly targeted mercenary spyware.”

As Apple says, Lockdown Mode disables all kinds of protocols and services that normally run. Just-in-time (JIT) JavaScript compilation, an innovation that speeds up performance by compiling code on the device at runtime, will not run at all. This is likely a defense against JIT spraying, a common technique used in malware exploitation. While in Lockdown Mode, devices cannot be enrolled in what is known as mobile device management, which is used to install special organization-specific software.

The full list of restrictions is:

  • Messages: Most message attachment types other than images are blocked. Some features, such as link previews, are turned off.
  • Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are turned off unless the user excludes a trusted site from Lockdown Mode.
  • Apple Services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent a call or request to the initiator.
  • Wired connections to a computer or accessory are blocked when the iPhone is locked.
  • Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) while Lockdown Mode is turned on.

It’s helpful for Apple to be honest about the extra friction Lockdown Mode adds to the user experience because it underscores what every security professional or hobbyist knows: Security always comes with a trade-off in usability. It’s also encouraging to hear of Apple’s plans to let users allow-list sites that can use JIT JavaScript while in Lockdown Mode. Fingers crossed that Apple might offer a similar allow list for trusted contacts.

Lockdown Mode is very important for many reasons, not least of which is that it comes from Apple, a company that is hypersensitive to customer perception. Officially recognizing that its customers are vulnerable to the scourge of mercenary spyware is a big step.

But the move is great for its simplicity and concreteness. There is no security snake oil here. If you want better security, learn to do without the services that pose the greatest threat. John Scott-Railton, a Citizen Lab researcher who knows a thing or two about counseling victims of NSO spyware, said Lockdown Mode provides one of the first effective courses of action that vulnerable people can follow short of turning off their devices completely.

“When you notify users who have been attacked with sophisticated threats, they inevitably ask, ‘How can I make my phone safer?’” he wrote. “We haven’t had a lot of great, honest answers that really have an impact. Hardening a consumer phone is really out of reach.”

3 / There is a common mental barrier between large platforms and operating system developers around the incorporation of high security features.

Many unavoidable considerations, such as:

– Worse user experience (especially compared to the competition!)
– Breaking functions
– More customer support resources are needed, etc.

– John Scott-Railton (@jsrailton) July 6, 2022

Now that Apple has opened the door, it is inevitable that Google will follow suit with its Android operating system, and it would not be surprising for other companies to fall in line as well. It could also start a useful discussion in the industry about broadening the approach. If Apple allows users to turn off unsolicited messages from strangers, why can’t it offer an option to turn off built-in microphone, camera, GPS, or cellular capabilities?

One thing everyone should know about Lockdown Mode, at least as described by Apple on Wednesday, is that it doesn’t stop your device from connecting to cellular networks and emitting unique identifiers like IMEI and ICCID. This is not a criticism, just a natural limitation. And trade-offs are a key part of security.

So if you’re like most people, you’ll never need Lockdown Mode. But it’s great that Apple is offering it because it will make us all safer.
