Apple imagines an “extreme protection” mode to resist the most sophisticated attacks

Apple is trying another tactic against very high-level computer attacks: the company is launching an “extreme” security mode, intended to offer a higher level of protection. But this is only possible by giving up some features of the iPhone. This mode, however, is not aimed at 99.9% of individuals.

How can the most sophisticated spyware be fought, the kind capable of bypassing all of a smartphone's protections? Perhaps at the cost of a certain renunciation, by cutting off access to features so that the spyware cannot act as it sees fit on the device. In any case, this is the direction Apple is taking.

The American company announced on July 6 a new tactic against spyware like Pegasus: with the arrival of iOS 16 this fall, the Cupertino company will provide a special defense mode, called “lockdown mode” (or, in French, “isolation mode”). It will also be deployed with iPadOS 16 for tablets and macOS Ventura for computers.

What is this lockdown mode?

In fact, this very particular feature will probably not concern 99.9% of people with an iPhone or iPad. It is a mode aimed at high-value targets, such as political figures, celebrities or managers of large groups who have access to more or less sensitive information.

“Isolation mode provides extreme, optional protection for rare users whose digital security is subject to serious targeted threats,” explains the American company in its press release. We are talking here about individuals who can be targeted by private companies specializing in espionage, or even by States themselves.

This mode will also potentially interest lawyers, leading human rights activists, and activists who, because of their commitment, can face powerful adversaries. Individuals who face more traditional digital threats do not in principle need this “lockdown mode”.

But this protection is to be handled with care because, once activated, it neutralizes several essential functions of an iPhone:

  • Messages: Most types of attachments other than images are blocked. Some features, such as link previews, are disabled.
  • Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from isolation mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has never sent a call or request to their sender before.
  • Wired connections to a computer or accessory are blocked when iPhone is locked.
  • No configuration profiles can be installed and the device cannot enroll in a mobile device management (MDM) solution when isolation mode is enabled.

Apple must restrict certain functions to better resist attacks

Disabling these options, at various levels, is intended to prevent spyware from taking advantage of certain channels to gain access to the iPhone: in this case, web browsing and email attachments are key vectors for spreading malware. These are access paths that must therefore be closed to reduce exposure to threats.

The fact is that for the American company, this extreme mode reflects a certain defeat against companies specializing in spyware. Having failed to contain them with its usual practices, the company must deploy an approach that, in practice, makes the experience of using the iPhone or iPad rather limiting.

But desperate times call for desperate measures. Isolation mode appears as an emergency button to press when all previous barriers have been overrun. Apple probably had little choice: the stakes of espionage and the levels of investment in spyware are such that it cannot be countered with a normal approach.

Android phones, like the iPhone, have been infected by Pegasus // Source: Photo Corentin Béchade for Numerama

To guarantee the quality of the isolation mode and avoid any gaps in this new protection, Apple will not skimp on expense. In its bug bounty program, which rewards the discovery of security flaws, the bonuses are doubled for the “lockdown mode”. The most critical findings may be rewarded with up to 2 million dollars. Colossal.

In recent years, the iPhone and more generally the Apple ecosystem have been confronted with formidable digital attacks. The year 2021, for example, was marked by the Predator spyware affair. But it was above all the Pegasus malware that hit the headlines – it was developed by NSO Group Technologies, a very advanced Israeli company.

Pegasus was designed as early as 2013, but it wasn’t until 2016 that its existence was spotted. Used for espionage operations in several states, the spyware affected journalists and forced Emmanuel Macron to change one of his phones, as a precaution. The breach was eventually fixed and Apple has since filed a lawsuit against NSO.

The isolation mode should therefore, in principle, better contain threats like Pegasus and Predator, pending a possible legal victory to prevent NSO from using its products and services – which remains very hypothetical. But it will be difficult to gauge the effectiveness of the isolation mode: the essence of spyware is to be discreet, and the fact that nothing seems to justify activating the “lockdown mode” does not mean that nothing is happening.