Mercenary spyware is among the most difficult threats to remove. Statistically, most of us are unlikely ever to encounter it, because it targets only an infinitesimally small segment of the world. However, although it exclusively targets the most powerful people (such as diplomats, political dissidents, and lawyers), the sophisticated software has a devastating impact that is greatly out of proportion to the limited number of people infected.
As a result, building devices and software is difficult. How do you build something to safeguard what is likely well below 1% of your user base against malware created by organisations like NSO Group, which makes clickless exploits that instantly turn fully updated iOS and Android devices into sophisticated bugging devices?
There is no security snake oil here
On Wednesday, Apple gave users a sneak peek at a brilliant feature it will soon add to its flagship operating systems to counter the threat of mercenary spyware. The firm is quite upfront, almost in your face, about the fact that Lockdown mode would negatively impact user experience and is only meant for a select group of users.
According to the company, “Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware.” “Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”
The complete list of limitations is as follows:
- Messages: All attachment kinds besides photos are restricted. Link previews are among the functions that are deactivated.
- Apple services: Incoming invitations and requests, including FaceTime calls, are denied if the user has not previously sent the initiator a call or request.
- When the iPhone is locked, wired connections to a computer or device are disabled.
- While Lockdown Mode is activated, configuration profiles cannot be installed and the device cannot be enrolled in mobile device management (MDM).
Lockdown mode is significant for many reasons, not the least of which is the fact that it was developed by Apple, a business that is extremely sensitive to user opinion. It’s a major move for a company to formally admit that its customers are susceptible to the scourge of mercenary spyware.
The change is also significant for its simplicity and concreteness. This is not security snake oil. If you want improved security, learn to live without the services that pose the highest security risks. Lockdown mode is one of the first useful courses of action for vulnerable people to follow short of completely shutting off their devices, according to Citizen Lab researcher John Scott-Railton, who has experience counselling victims of NSO malware.
“When you notify users that they’ve been targeted with sophisticated threats, they inevitably ask ‘How can I make my phone safer?’” he wrote. “We haven’t had many great, honest answers that really make an impact. Hardening a consumer handset is really out of reach.”
Given that Apple has paved the way, it seems certain that Google will follow suit with its Android operating system, and it wouldn’t be unexpected if other businesses followed as well. It might also spark a fruitful debate within the field about widening the approach. If Apple will let users block unsolicited messages from unknown sources, why can’t it give them the option to disable built-in microphone, camera, GPS, or cellular capabilities?
Lockdown mode doesn’t prevent your smartphone from connecting to cellular networks and broadcasting unique identifiers like IMEI and ICCID, at least according to how Apple defined it on Wednesday. That’s not a criticism, just a natural limitation. And security fundamentally involves trade-offs.