Apple: Here’s why the new iOS 16 lockdown mode is a game changer for mobile security

Upcoming feature could protect high-profile users such as politicians, activists, and journalists who may be targeted by industrial-strength hacking tools like NSO Group's Pegasus.
19 July 2022

  • The soon-to-launch Apple iOS 16 will include a new feature called Lockdown Mode to protect users from targeted cyberattacks featuring spyware.
  • Lockdown Mode limits many of your iPhone’s core features, the inevitable trade-off for such strong security.

A few days ago, Cupertino-based tech giant Apple released the first public beta versions of iOS 16 — targeting the non-developer crowd ahead of the public rollout later this year. Among the few new features included, “Lockdown Mode” is the most talked about so far. It is basically Apple’s way of acknowledging that mobile cyber threats are a serious issue that should not be taken lightly.

Not too long ago, Apple put up an ad in Las Vegas that showed the back of one of its devices together with a phrase that read: “What happens on your iPhone, stays on your iPhone.” While that may seem like a bold and cheeky claim all at once, the tech giant is definitely living up to it. To put it into context, Lockdown Mode, which Apple claims to be “the first major capability of its kind”, will essentially offer additional protection to users who may be at risk from targeted cyberattacks featuring spyware.

Lockdown Mode is the first major capability of its kind designed to offer an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security.
Source: Apple

The initiative, according to Apple, is “to help protect users who may be personally targeted by some of the most sophisticated digital threats, such as those from private companies developing state-sponsored mercenary spyware.” In fact, the company’s head of security engineering and architecture, Ivan Krstić, emphasized that Lockdown Mode isn’t for everyone, since the vast majority of iPhone users will never be a victim of highly targeted cyberattacks, such as the zero-click attack using NSO Group’s Pegasus spyware.

Pegasus infiltrates mobile phones to extract data or activate a camera or microphone to spy on their owners. NSO Group says the software is only sold to government agencies to target criminals and terrorists with the green light of Israeli authorities. For context, Pegasus was found on the phones of people close to Khashoggi, the journalist who was murdered in 2018. 

“Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” Krstić said, adding that it is “an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security.”

Apple iOS 16: Details on the Lockdown Mode

For starters, turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities — the inevitable trade-off for such strong security. Apple reckons it sharply reduces the attack surface that could, potentially, be exploited by highly targeted mercenary spyware.

Once launched later this year, Lockdown Mode will include protections like:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when the iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

The Lockdown Mode capability further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that could potentially be exploited by highly targeted mercenary spyware.
Source: Apple

Apple has the option to add more protection features, and the tech giant is inviting feedback on its current efforts – for example, through its engagements with the security research community. “Apple has also established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of US$2,000,000,” the blog post reads.

Last September, Apple sent out a free software update that addressed Pegasus, and then it sued NSO Group in an effort to stop the company from developing or selling any more hacking tools. It also began sending “Threat Notifications” to potential victims of these hacking tools, which Apple calls “mercenary spyware.” The company said that while the number of people targeted in these campaigns is very small, it has notified people in about 150 countries since November.