Apple envisions an “extreme protection” mode to resist the most sophisticated attacks

Apple is trying another tactic against top-tier cyber attacks: the company is launching an “extreme” security mode that should offer a higher level of protection. But this is only possible by giving up some iPhone features. This mode, however, is not aimed at 99.9% of individuals.

How do you fight the most sophisticated spyware, the kind able to bypass all of a smartphone’s protections? Perhaps at the cost of some sacrifices, by cutting off access to features so that spyware cannot act as it pleases on the device. Either way, that is where Apple is heading.

The American company announced on July 6 a new tactic against spyware like Pegasus: with the arrival of iOS 16 this fall, the Cupertino company will provide a special defense mode called “lockdown mode” (“isolation mode” in French). It will also ship with iPadOS 16 for tablets and macOS Ventura for computers.

What is this lockdown mode?

In fact, this very special feature probably won’t concern 99.9% of people with an iPhone or iPad. It is a mode aimed at high-value targets, such as political figures, celebrities or executives of large companies who have access to more or less sensitive information.

“Isolation mode provides extreme and optional protection for rare users whose digital security is subject to severe targeted threats,” the American company explains in its press release. These are individuals who can be targeted by private companies specializing in espionage, or even by states themselves.

This mode may also concern lawyers, prominent human rights defenders and activists who, because of their commitments, can face powerful adversaries. Individuals facing more conventional digital threats do not, in principle, need this “lockdown mode”.

But this protection should be handled with care because, once activated, it disables several essential functions of an iPhone:

  • Messages – Most types of attachments other than images are blocked. Some features, such as link previews, are disabled.
  • Web browsing – Some complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from isolation mode.
  • Apple Services – Incoming invitations and service requests, including FaceTime calls, are blocked if the user has never sent a call or request to the sender before.
  • Wired connections to a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed and the device cannot enroll in a mobile device management (MDM) solution when isolation mode is enabled.

Apple needs to limit some features to better resist attacks

Disabling these options, at various levels, is intended to prevent spyware from exploiting certain channels to get into the iPhone: web browsing and email attachments are key vectors for the spread of malware. These are entry points that must therefore be closed to reduce exposure to threats.

The fact is that, for the American company, this extreme mode reflects a certain defeat against spyware companies. Having failed to contain them with its usual practices, the company must adopt an approach that, in practice, makes using the iPhone or iPad rather restrictive.

But desperate times call for desperate measures. Isolation mode appears as an emergency button to be pressed when all previous barriers have been overcome. Apple probably had little choice: the stakes of espionage and the level of investment in spyware are such that they can’t be countered with a normal approach.

Android phones, like the iPhone, have been infected with Pegasus. (Photo: Corentin Béchade for Numerama)

To ensure the quality of isolation mode and avoid any gaps in this new protection, Apple is not skimping on expense. In its bug bounty program, the rewards are doubled for “lockdown mode”. The most critical findings can be rewarded with up to $2 million. Colossal.

In recent years, the iPhone and the Apple ecosystem more generally have faced formidable digital attacks. The year 2021, for example, was marked by the Predator spyware affair. But it was mainly the Pegasus malware that made headlines: it was developed by NSO Group Technologies, a very advanced Israeli company.

Pegasus was designed as early as 2013, but it wasn’t until 2016 that its existence was spotted. Used for spying operations in several states, the spyware hit reporters and forced Emmanuel Macron to change one of his phones as a precaution. The breach was eventually closed, and Apple has since filed a lawsuit against NSO.

Isolation mode should therefore, in principle, help contain threats such as Pegasus and Predator, pending a possible legal victory to prevent NSO from using its products and services, which remains very hypothetical. But it will be difficult to assess the effectiveness of isolation mode: the essence of spyware is to be discreet, and the fact that nothing seems to justify activating “lockdown mode” does not mean that nothing is happening.
