Home » Protection through restriction: Apple’s new Lockdown Mode

Protection through restriction: Apple’s new Lockdown Mode

by Nathan Zachary
Lockdown Mode

Apple revealed a new device protection feature in July 2022. It is known as “Lockdown Mode,” and it drastically limits the operation of your Apple smartphone, tablet, or laptop. Its goal is to lower the success rate of targeted attacks on politicians, activists, and journalists, among others. Lockdown Mode will be available in the future iOS 16 (for cellphones), iPadOS 16 (for tablets), and macOS 13 Ventura releases (for desktops and laptops).

For most users, this operating mode is more likely to be a hassle than a benefit. As a result, Apple recommends it only to customers whose actions make them vulnerable to targeted attacks. In this essay, we study the intricacies of Lockdown Mode, compare the new constraints to the capabilities of well-known vulnerabilities for Apple iPhones, and explain why, while important, this mode is not a panacea.

Details on Lockdown Mode

With the release of new versions of iOS before the end of the year, your Apple smartphone or tablet (if relatively recent, that is, no earlier than 2018) will feature the new Lockdown Mode in its settings.

After activation, the phone will reboot, and several minor (but critical) functionalities will cease to function. For example, iMessage attachments will be disabled, and websites in the browser may cease to function properly. It will be more difficult for someone you have never met to contact you. All of these restrictions are an attempt to close the most common access points used by attackers.

Further, Lockdown Mode imposes the following restrictions on your Apple device:

  1. Only text and images delivered to you are shown in iMessage chats. Other attachments will be rejected.
  2. Some technologies, such as just-in-time compilation, will be blocked in browsers.
  3. All incoming communication invitations via Apple services will be prohibited. For example, if you have not already communicated with the other user, you will be unable to establish a FaceTime call.
  4. If your smartphone is locked, it will not interact with your imac pro i7 4k in any way (or other external devices connected with a cable).
  5. Installing configuration profiles or enrolling the phone in Mobile Device Management will be impossible (MDM).
  6. The first three safeguards are designed to limit the most prevalent remote targeted attack vectors on Apple devices: infected iMessages, links to malicious websites, and incoming video calls.
  7. This intended to keep you from connecting your iPhone to a computer while it is unattended and having any valuable information taken due to a weakness in the connection protocol.
  8. This restriction prevents a smartphone in Lockdown Mode from being connected to an MDM system. Typically, businesses utilise MDM for security purposes, such as erasing data from a misplaced phone. However, because it allows the MDM administrator broad authority over the device, this functionality can also be exploited to steal data.

Overall, Lockdown Mode appears to be a decent idea. Perhaps we should all put up with some inconvenience in order to be safe?

Bugs versus features

Before answering this question, consider how radical Apple’s proposal is. When you think about it, it’s the polar opposite of all industry norms. Typically, a developer creates a new feature, deploys it, and then wrestles with the code to free it of defects. In contrast, with Lockdown Mode, Apple advises giving up a few existing functionalities in exchange for improved security.

As an example (and entirely hypothetical), suppose the creator of a communication programme adds the option to exchange stunning animated emojis, as well as build your own. Then it was discovered that it is feasible to construct an emoji that forces all recipients’ devices to repeatedly reboot. That’s not polite.

To avoid this, the feature should have been discarded or more effort spent on vulnerability analysis should have been spent. But it was more vital to get the product out there and commercialise it as soon as possible. The latter always won in this behind-the-scenes battle between security and convenience. Until now, that is, because Apple’s new mode prioritises security over all else. It can only be described in one word: awesome.

Does this imply that iPhones without Lockdown Mode are dangerous?

Apple mobile devices are already fairly secure, which is significant in light of this disclosure. Stealing data from an iPhone is difficult, and Apple is working hard to keep it that way.

For example, biometric information used to unlock your phone is only stored on the device and is not transferred to the server. Data stored on the phone is encrypted. Your phone’s PIN cannot be brute-forced: after numerous unsuccessful attempts, the device is locked. Smartphone apps operate independently of one another and, in general, cannot access data held by other apps. Every year, it becomes more difficult to hack an iPhone. This level of security is more than adequate for the majority of users.

So why add yet another layer of defence?

The issue concerns a very small number of people whose data is so valuable that those who desire it will go to incredible lengths to obtain it. In this sense, going to extraordinary lengths entails spending a significant amount of time and money building complicated exploits capable of bypassing recognised protection mechanisms. Such sophisticated cyberattacks endanger only a few tens of thousands of individuals worldwide.

This ballpark figure comes from the Pegasus Project. In 2020, a list of 50,000 names and phone numbers of people who were supposedly (or possibly have been) infected with NSO Group spyware was disclosed. This Israeli firm has long been chastised for its “legal” production of hacking tools for clients that include numerous intelligence organisations throughout the world.

Although NSO Group denied any connection between its solutions and the disclosed list of targets, proof eventually surfaced that activists, journalists, and politicians (all the way up to heads of state and government) had been attacked using the company’s technologies. Even when done legitimately, developing exploits is a risky business that can result in the disclosure of extremely dangerous attack methods that anybody can employ.

How clever are iOS exploits?

The sophistication of these exploits can be gauged by examining a zero-click assault investigated by Google’s Project Zero team at the end of last year. Normally, the victim must click a link in order for the attacker’s malware to be activated, however “zero-click” means that no user activity is necessary to compromise the targeted device.

In the example outlined by Project Zero, it is sufficient to send a malicious message to the victim using iMessage, which is enabled by default on most iPhones and replaces conventional messages. In other words, an attacker only has to know the victim’s phone number and send a message to acquire remote control over the targeted device.

The exploit is really complex. In iMessage, the victim receives a file with the GIF extension that is not a GIF at all, but rather a PDF compressed using a popular method in the early 2000s. The victim’s phone displays a preview of this document. In most circumstances, Apple’s own code is utilised for this, but in this case, a third-party software is used. And within it, a vulnerability was discovered – a minor buffer overflow mistake. To put it simply, a separate and independent computational system is formed around this little flaw, which ultimately runs malicious code.

In other words, the assault takes use of a variety of subtle vulnerabilities in the system, each of which appears minor in isolation. If they are chained together, the net consequence is iPhone infection with a single message, with no user interaction necessary.

To be honest, this is not something a young hacker would come upon by chance. Not even what a group of typical malware authors might produce: they are usually looking for a far more direct path to profit. A clever exploit like this must have taken thousands of hours and millions of dollars to develop.

But, as previously indicated, practically all attachments are prevented by Lockdown Mode. This is done to make zero-click assaults far more difficult to execute, even if the iOS code does contain the corresponding fault.

The remaining Lockdown Mode capabilities are designed to close additional frequent “entry points” for targeted attacks, such as a web browser, a cable connection to a computer, and incoming FaceTime calls. There are currently a number of exploits for various attack routes, though not necessarily in Apple products.

What are your chances of such a sophisticated attack being launched against you if you are not on the radar of intelligence services? Unless you get hit by accident, pretty much none. As a result, utilising Lockdown Mode makes little sense for the average user. Making your phone or laptop less functional in exchange for a tiny reduction in your odds of being the victim of a successful attack is pointless.

Not solely through lockdown.

On the other hand, for those who are possible targets of Pegasus and similar spyware, Apple’s new Lockdown Mode is a welcome improvement, but it is not a panacea.

Our experts have a few alternative suggestions in addition to (and, until its introduction, instead of) Lockdown Mode. Remember, this is a circumstance in which someone very powerful and determined is looking for your data. Here are a few pointers:

  • Every day, restart your smartphone. Creating an iPhone vulnerability is difficult enough; making it resistant to reboot is even more difficult. Turning off your phone on a regular basis will provide a little extra security.
  • Turn off iMessage completely. Although Apple is unlikely to endorse it, you can do it yourself. Why limit the possibility of an iMessage attack when you can eradicate the entire threat in one fell swoop?
  • Do not click on any links. It makes no difference who sent them in this circumstance. If you must open a link, use a different computer and, preferably, the Tor browser, which hides your data.
  • Use a VPN to hide your traffic if feasible. Again, this makes determining your position and harvesting data about your device for a future assault more difficult.

Read Also: jaa lifestyle login

Related Posts

Techcrams logo file

TechCrams is an online webpage that provides business news, tech, telecom, digital marketing, auto news, and website reviews around World.

Contact us: info@techcrams.com

@2022 – TechCrams. All Right Reserved. Designed by Techager Team