Apple is launching a “lockdown mode” for its devices to protect people – including journalists and human rights activists – targeted by hacking attacks like those launched by government clients of NSO Group using its Pegasus spyware.
Apple will roll out the setting in the autumn and believes it would have prevented previously known spyware attacks by closing down technical avenues for digital espionage. It said the lockdown mode was intended for users who face “grave, targeted threats to their digital security”.
The news is a sign of how the proliferation of mercenary spyware, or tools that can be used by government clients to hack into any phones and remotely control them, has become a major business concern for Apple and other phone makers.
While for years Apple appeared to play down the threat to its clients posed by Pegasus and other spyware, including by emphasising that such hack attacks affected relatively few users, supporters of the company’s latest move say the new function acknowledges the seriousness of the threat.
The protections offered by lockdown mode include blocking most message attachments, blocking incoming FaceTime calls unless the user has previously called the initiator or sent a request for a call, and blocking wired connections to a computer or accessory while the iPhone is locked.
Ron Deibert, the founder and head of the Citizen Lab at the University of Toronto’s Munk School, said the new setting would “definitely” make it more challenging for clients of NSO Group and other companies to successfully target individuals, and compared it to the introduction of two-factor authentication.
“In other words, it’s introducing some security measure that reduces functionality and user experience in exchange for security. And … we hope other platforms would do something similar,” Deibert said. “We’ve seen the big tech platforms start to address the threats raised by the mercenary spyware industry. We definitely applaud and welcome that.”
He added that if the new setting was adopted by users, it would “completely reduce the possibility of getting inside and exploiting some flaw in applications or other bits of software” that make it possible for spyware such as Pegasus to infect a phone.
When an iPhone or other handset is infected with Pegasus, the user of the spyware can in effect take over that phone, accessing messages, pictures and location. The software can even turn a phone into a remote listening device.
Apple does not disclose the number of its users subjected to Pegasus-style hacks, but its devices have been the targets of highly targeted attacks in 150 countries. Pegasus is a hacking program developed and licensed to governments around the world by NSO Group, an Israeli company. It can infect phones running iOS or Android and can be delivered via “zero-click” attacks, which do not require any interaction with the phone’s owner to gain entry to the device.
Apple, which is suing NSO in the US, said the new mode was designed for users at risk of being targeted by some of the “most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware.” It described the mode – which will come with iOS 16, iPadOS 16 and macOS Ventura in the autumn – as an optional measure for a “very small number of users”.
Apple is offering a reward of $2m (£1.7m) to anyone who can find a way round the new setting. It also announced it is making a $10m grant to the Dignity and Justice Fund, a funding initiative established by the Ford Foundation to help it expose and investigate targeted cyber-attacks.
NSO has said it investigates all credible allegations of abuse against its government clients and that its spyware is only meant to be used to target serious criminals such as paedophiles and terrorists.
Dan Milmo and Stephanie Kirchgaessner