Apple to introduce new Lockdown feature to defend against spyware
14-07-2022 | By Robin Mitchell
After the fallout from Pegasus, Apple has announced that it will introduce a lockdown feature that will prevent spyware from accessing Apple devices. What did the Pegasus spyware do, how will the new lockdown feature work, and what challenges does spyware present?
What does the Pegasus spyware do?
Several years ago, the Pegasus spyware hit the news headlines after it was leaked that the software was being used to target all kinds of political dissidents, journalists, and key members of state. Pegasus is particularly frightening as it can be installed remotely onto a device without ever showing up. Once the victim clicks a suspicious link, the spyware jailbreaks the device and initialises an install, and once installed, it has full access to messages and calls and can collect passwords, track location, access the microphone and camera, and harvest information from other apps. Some versions of the Pegasus spyware can even install themselves onto devices with zero user interaction (called a zero-click vulnerability).
The spyware's creator, Israel-based NSO Group, initially developed the tool as a means for “authorised governments” to prevent acts of terrorism by accessing data from suspects. However, the tool was quickly used by authoritarian governments to track those who posed a threat to their rule as well as other world leaders. For example, key members of state in both the United States and the United Kingdom were found to be infected with Pegasus, and the attack is believed to have originated from the United Arab Emirates. After the revelations about the spyware, NSO Group has now been placed on a US trade blacklist and is facing multiple lawsuits from Apple and WhatsApp.
How will Apple’s Lockdown feature work?
Recognising the challenges of spyware, Apple recently announced the development of a new Lockdown Mode feature. When a device is in this mode, the iPhone restricts access to key system resources, prevents unknown callers from making calls to the device, and blocks multiple forms of media, including links and images. The ability to prevent unknown callers from establishing a call is an important feature as the Pegasus spyware can install itself via WhatsApp calling even if the other end doesn’t answer.
Additionally, the new feature will block features inside apps such as Just-In-Time JavaScript compilation in Safari, prevent hardwired access over USB so that unsuspecting users cannot upload firmware, and prevent the installation of configuration profiles. Furthermore, Apple has acknowledged that its cybersecurity bounty scheme doesn’t offer high enough rewards for reported vulnerabilities and, as such, will double the reward to $2m for anyone who can find flaws in Lockdown Mode. On top of this, Apple will also offer $10m to organisations looking to expose illegitimate use of spyware.
What challenges does spyware present?
In an age where digital technologies dominate, having access to a person’s device (and by extension, their messages, pictures, and browsing history) is a frightening concept. Sure, there are those who believe their lives are so dull that government agencies would not be interested in them. However, the ability to break into a phone and have remote access not only exposes the device's user to having data stolen, but also allows a third party to plant evidence on the phone.
For example, imagine a government activist who is challenging human rights violations by an authoritarian government. The Pegasus spyware allows the government to monitor their communications, identify other people of interest, and track their location, but it could also be used to plant illicit content on devices (such as child pornography). With the evidence placed, local authorities would be instructed to arrest the individual, find the evidence, and report it to state media to discredit their work against the government.
As electronic devices become more complex, finding all bugs and vulnerabilities becomes increasingly difficult. Furthermore, the increased reliance on digital technologies also presents hackers with new attack vectors, and the increased use of connected devices across the internet allows hackers to reach victims anywhere in the world.
If spyware such as Pegasus is to be stopped, new devices may need to integrate physical switches that disconnect cameras, microphones, and memory modules to outright prevent access. Failing this, it may be necessary for people to take a step back from highly digitised lives and start to rely on older technologies; a message inside a briefcase is harder to hack than a phone!