Apple recently announced a coming security-focused feature in iOS 16, iPadOS 16, and macOS Ventura called “Lockdown Mode.” You may see key phrases like “mercenary spyware” or “They could be journalists, activists, dissidents, politicians, etc.” and decide to pass on this feature. That’s a valid choice that Apple anticipates from many users. Don’t jump to those conclusions too quickly, however, as Lockdown Mode has more possible uses than appear on the surface.
Apple created Lockdown Mode to stop the installation of spyware developed by sophisticated shops for millions of dollars. Intelligence agencies and governments license this technology to surveil journalists, activists, politicians, and government employees. If nearly 30 years in the IT industry taught me anything, I learned that technologies commoditize. Yesterday’s innovation becomes old news fast.
Cybersecurity exploits follow the same pattern. Costly becomes downloadable on GitHub by script kiddies in months, not years. Highly targeted and “sophisticated” turns into spray-and-pray, seeking out targets of opportunity. Because of this, users need better protection from threats that are now widely available to attackers.
Lockdown Mode Benefits Everyone, Even Users Who Never Enable It
Apple continues its trend of empowering users with choices when it comes to security and privacy. The price to obtain those choices does require someone to buy an iPhone first and subscribe to iCloud+ … so Apple is not operating on a purely altruistic basis here. But if a consumer makes those choices, they gain access to a multitude of security and privacy features.
For example, Face ID reduces the need for passwords. Hide My Email and iCloud Private Relay offer opt-in protection for Apple users who subscribe to iCloud+. Mail Privacy Protection empowers users to prevent advertisers from weaponizing email data for advertising purposes — a decision that led advertisers to lose billions and miss earnings targets.
When Apple makes security and privacy more convenient for users, they increase the complexity for advertisers and adversaries … two groups that share similarities more often than they would like.
Prior to Lockdown Mode, choices for a more secure phone barely existed: obscure Android forks with infrequent updates or Linux OS phones with limited application support.
Lockdown Mode Reduces The Functionality Of The Device
Lockdown Mode offers an easy-to-use, much more secure option. This option, however, does come with a trade-off: less functionality, which we detail below. But users get to make that choice — not carriers, application developers, or advertisers. Here’s a list of the functions Lockdown Mode restricts and potential reasons why it eliminates them:
1) Message attachment types other than images are blocked. This creates friction for zero-click exploits such as the one created by NSO Group and eventually discovered in 2021.
2) Link previews are disabled. This mitigates techniques like one discovered in 2020 that could leak device details and offer access to encrypted communications.
3) Incoming invitations and service requests including FaceTime calls are blocked if the user has not previously sent the initiator a call or request. This reduces the chance that an unknown party could exploit vulnerabilities such as those discovered in FaceTime and AirDrop.
4) Wired connections with a computer or accessory are blocked when the iPhone is locked. This eliminates attacks that use a purpose-built cable designed to give unauthorized control of the device.
Note that in the examples above, Apple patched these security flaws. But the lag time between exploitation, discovery, and patching left users exposed. Lockdown Mode provides an option for users to protect themselves based on their risk tolerance. And it goes without saying that no matter how desperate you are to get 20 minutes of charge, you shouldn’t plug random cables into your computer or smartphone. Apple even tried to help with that, too.
Running in Lockdown Mode works to prevent spyware such as Pegasus from slipping into your phone without you even having to click on a message. This demonstrates Apple’s commitment to security, even though a small percentage of its user base in vulnerable positions, such as activists, dissidents, and journalists, gains the most benefit. It also enables users to protect themselves at sensitive times, such as during travel to certain areas, when taking a stance that governments may disagree with, or when their careers put them in those situations.
Helping Every User Understand Security
Apple also takes a leadership role in introducing security to users who never would have considered it before. Consumers may not enable Lockdown Mode regularly. But knowing it’s there, playing around with it, activating it, and seeing what works and what doesn’t will provide some security education. They’ll learn things like the trade-offs between usability and security, how attackers break into devices, and how difficult it is to secure devices. After all, if Lockdown Mode disables a feature, it’s because that’s one way that attackers get in.
Implications For CISOs And Technology Leaders
Security and technology leaders with Android and Windows footprints should pressure the vendors of those platforms to enhance the embedded security functions that protect the privacy of their users, or those vendors risk losing business to a company that beats them to it. These leaders also need to evaluate whether security policies need to change in light of Lockdown Mode and how it will work with their existing endpoint protection and master data management solutions once it’s widely available.