September 30, 2022

Apple is taking steps to increase safety for people like journalists, activists, and politicians with a new setting in iOS 16, iPadOS 16, and macOS Ventura called Lockdown Mode. This setting strengthens iPhone, iPad, or Mac defenses in ways that interrupt methods we’ve seen used to compromise devices in highly targeted attacks.

Lockdown Mode blocks many types of message attachments, disables link previews, turns off some web browsing technologies by default, blocks invitations and FaceTime calls from unknown sources, blocks wired connections to computers or accessories while the device is locked, and disables the ability to install new configuration profiles or enroll in mobile device management (MDM).

These are areas we know could be vulnerable, as when Google’s Project Zero team detailed how iPhones of people targeted by Pegasus can be hacked in a “zero-click” scenario using a GIF to exploit iMessage in the background. Other attacks have frequently targeted MDM solutions or used malicious websites to exploit flaws in rendering, and Lockdown Mode closes those doors from the start.

Lockdown Mode screen in iOS 16
Photo: Apple

Apple describes it as an “extreme and selective” level of protection, an apparent response to the increasing use of state-sponsored mercenary spyware such as the Pegasus tool developed by NSO Group. Evidence of the spyware has been found on the devices of journalists such as Jamal Khashoggi. According to Bloomberg reporter Mark Gurman, Apple has just released iOS 16 Developer Beta 3, which includes Lockdown Mode.

In past years, Apple was criticized for not working with security researchers to find and lock down flaws in its platforms the way other major tech companies did, until it launched its iOS bug bounty program in 2016. It eventually expanded the program to other devices in 2019, while saying it would distribute private security research devices to external researchers.

According to Apple’s head of Security Engineering and Architecture, Ivan Krstic, “While the vast majority of users will never be victims of highly targeted cyber attacks, we will work tirelessly to protect the small number of users. This includes continuing to design defenses specifically for those users, in addition to supporting researchers and organizations around the world who are doing a very important job in exposing the mercenary companies that manufacture these digital attacks.”

While introducing the new operating systems at WWDC 2022 in June, Apple said the new Rapid Security Response feature will allow patches for security flaws to be rolled out faster and to take effect on a Mac without the need for a reboot. iOS 16 and macOS Ventura are also set to include support for the new passkey technology that will help eliminate the use of passwords.

Other tech companies have made similar efforts in certain ways, like Google’s Advanced Protection Program for their accounts or the Super Duper Secure Mode that Microsoft began testing in Edge last fall. Some small companies have also tried to offer powerful Android devices that promise to protect against various vulnerabilities, but Lockdown Mode is a new level of security that will be available to millions of people once it launches with new software updates later this year.

Even with that protection, finding vulnerabilities in operating systems that control so many devices is a valuable endeavor, and Apple says it’s doubling the reward for “qualified results” in Lockdown Mode to $2 million, which it says is the highest maximum reward in the industry. Apple also says that any damages awarded from a lawsuit filed last fall against the NSO Group will be added to a $10 million grant to support organizations that “investigate, detect, and prevent targeted cyber attacks, including those created by private companies that develop state-sponsored mercenary spyware.”
