Apple has for years sold its iPhones, iPads and Macs as the most secure and privacy-focused devices on the market. On Wednesday, the company introduced a new feature called Lockdown Mode, which is designed to combat targeted hacking attempts such as the Pegasus malware, which has been used by oppressive governments against human rights workers, lawyers, politicians and journalists. It also announced a $10 million grant and a $2 million bug bounty to encourage further research on such threats.
The tech giant said Lockdown Mode is designed to add extra protection to its phones, such as blocking attachments and link previews in messages, potentially hackable web browsing technologies and FaceTime calls from unknown numbers. Apple devices will also not accept accessory connections unless the device is unlocked, and people cannot install new remote management software on the device while it is in Lockdown Mode. The new feature will be made available in test software used by developers this summer and will be released to the public for free in the fall.
“The majority of users will never fall victim to highly targeted cyber attacks, yet we will work tirelessly to protect a small number of users,” said Ivan Krstić, Apple’s head of security engineering and architecture, in a statement. “Lockdown mode is an important capability that demonstrates our unwavering commitment to protecting users from rare, sophisticated attacks.”
Along with the new Lockdown Mode, which Apple calls an “extreme” measure, the company announced a $10 million grant to the Dignity and Justice Fund, established by the Ford Foundation to support human rights and fight social oppression.
The company’s efforts to enhance the security of its devices come at a time when the tech industry is facing targeted cyber attacks from repressive governments around the world. Unlike widespread ransomware or virus campaigns, which are often designed to spread randomly and quickly through homes and corporate networks, attacks like those using Pegasus are designed to gather intelligence quietly.
People will have to restart their device before Lockdown Mode takes effect.
Last September, Apple sent out a free software update that addressed Pegasus and then sued the NSO Group in an attempt to prevent the company from developing or selling any more hacking tools. It also began sending “threat notifications” to potential victims of these hacking tools, which Apple called “hired spyware.” The company says the number of people targeted in these campaigns is very low, but it has notified people in about 150 countries since November.
Other tech companies have also stepped up their approach to security in recent years. Google has an initiative called Advanced Account Protection, designed to add an extra level of security to logins and downloads “for anyone at high risk of targeted online attacks.” Microsoft is increasingly working to dump passwords.
Apple said it plans to expand Lockdown Mode over time and announced a bug bounty of up to $2 million for people looking for security holes in the new feature. For now, it is primarily designed to disable device features that may be useful but that open people up to potential attacks. These include some fonts, link previews, and FaceTime calls from unknown accounts.
Apple representatives said the company has tried to strike a balance between utility and extreme protection, and that it is publicly committed to strengthening and improving the feature. In the most recent iteration of Lockdown Mode, which is being sent to developers in the upcoming test software update, apps displaying webpages will follow the same restrictions as Apple’s own apps, although people may pre-approve some websites to bypass Lockdown Mode if necessary. People in Lockdown Mode will need to unlock their device before they can connect accessories to it.
Encouragement for more research
In addition, Apple hopes the $10 million grant to the Dignity and Justice Fund will help fund more research on these issues and expand training and safety audits for those who may be targeted.
“Every day we see these threats expanding and deepening,” said Lori McGlinchey, director of the Ford Foundation’s Technology and Society program, which is helping to direct funding with technical advisors, including Apple’s Krstić.