Apple Lockdown Mode ‘First step towards building in better protections’

For most of its existence, Apple has built its reputation on careful design and marketing, and on delivering what’s new before people even know they want it. Lately, what’s new has often been privacy and security features, and this fall the company plans to roll out a major option in iOS that will provide an important new level of security for people who are at serious risk of highly targeted attacks.
When iOS 16 debuts in the fall, it will include a new set of security features known collectively as Lockdown Mode, which Apple describes as “an extreme, optional level of security.” The capabilities are designed to remove much of the attack surface that highly skilled attackers, such as NSO Group and others who sell commercial spyware to state actors, use to compromise iPhones. Lockdown Mode is aimed specifically at high-risk user groups, such as activists, journalists, and political dissidents, and will severely restrict the functionality of iPhones when enabled. Among other things, Lockdown Mode will block most attachments in messages, disable JIT and other web-based technologies, prevent installation of configuration profiles, and block wired connections to computers or accessories when the phone is locked.
Users will be able to enable Lockdown Mode on their own, but will not be able to enable and disable individual features that are part of the new security set.
“While the vast majority of users will never fall victim to highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. This includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work to expose the mercenary companies that create these digital attacks,” said Ivan Krstic, head of engineering and security architecture at Apple.
The set of companies selling high-end custom spyware is relatively small, but the effects they have on the people their products target are profound. The targets are often dissidents or activists in authoritarian countries, journalists, social activists, and others who become inconveniences to governments buying these tools. Citizen Lab security researchers have revealed the extensive use of Pegasus spyware sold by NSO Group in many countries, including the UK, Bahrain, Jordan and others, and in many cases the victims of these attacks were somehow compromised through their mobile devices. Some of these intrusions involved new exploits against previously unknown vulnerabilities in iOS, often via text messages.
Lockdown Mode is meant to eliminate as many of these attack vectors as possible, and the researchers say this is a significant step forward, not just for high-risk users, but for the wider user population.
“Using lockdown mode is like hunting categories of attacks. It won’t prevent you from being vulnerable to anything. It’s important that major operating system developers strive to provide users with better protections,” said John Scott-Railton, senior research fellow at the Citizen Lab at the Munk School at the University of Toronto.
“It’s also a dip and it’s important that large rigs have higher security features. It is sometimes thought that greater security could provide higher friction, but users love these features. This is the first step towards integrating better protections. There is a collective action problem. If companies are in competition with each other, they are sometimes hesitant to add features that could push users towards their competitors. But it is an important decision.”
Many of the technologies and features that have had the greatest impact on improving web security began as tests or features designed for small groups of people. An example is the use of HTTPS, which browser vendors first encouraged, then made optional, and finally made the default connection mode. Today, almost all traffic on major platforms is encrypted.
“When you boost, it’s like an antibiotic, it’s like, did you catch all the bacteria? Or all the threats? It makes the next big step easier,” Scott-Railton said.
And while Lockdown Mode is expressly intended for people who are at high risk of being targeted by commercial spyware or other advanced threats, the benefits will accrue to everyone.
“High-risk users should also mean people who run banks, celebrities, well-known crypto investors. Anyone who is at an increased threat level,” Scott-Railton said. “Many features provide a roadmap for better security for everyone.”