Apple’s new feature adds ‘extreme’ protection to your devices

Lockdown Mode is for people who might be targeted by state-sponsored spyware, but anyone can use it

Illustration by Alex Castro / The Verge

Apple is taking steps to increase security for people like journalists, activists, and politicians with a new setting in iOS 16, iPadOS 16, and macOS Ventura called Lockdown Mode. This setting hardens an iPhone, iPad, or Mac’s defenses in ways that interrupt methods we’ve seen used to compromise devices for highly targeted attacks.

Lockdown Mode blocks many message attachment types, disables link previews, turns off certain web browsing technology by default, blocks invitations and FaceTime calls from unknown sources, locks down wired connections to computers or accessories while the device is locked, and disables the ability to add new configuration profiles or enroll in mobile device management (MDM).

These are areas we know can be vulnerable: Google’s Project Zero team detailed how iPhones of people targeted by the Pegasus software could be compromised in a “zero-click” scenario by using a GIF to exploit iMessage in the background. Other attacks have repeatedly targeted MDM solutions or used malicious websites to exploit flaws in rendering, and Lockdown Mode closes those doors from the start.

Lockdown Mode screen in iOS 16
Image: Apple

Apple calls it an “extreme, optional” level of protection that’s a clear response to the growing use of state-sponsored mercenary software like the Pegasus tool developed by NSO Group. Evidence of the software has been found on devices of journalists like Jamal Khashoggi. According to Bloomberg reporter Mark Gurman, Apple just released iOS 16 Developer Beta 3, which includes Lockdown Mode.

In past years, before it launched an iOS bug bounty program in 2016, Apple had been criticized for not working with security researchers to find and close flaws in its platforms as much as other big tech companies did. It eventually expanded the program to cover other devices in 2019 while saying it would distribute special security research devices to outside researchers.

According to Apple’s head of security engineering and architecture, Ivan Krstić, “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

While introducing the new operating systems at WWDC 2022 in June, Apple said its new Rapid Security Response feature will enable patches for security flaws that roll out faster and can take effect on a Mac without requiring a reboot. iOS 16 and macOS Ventura are also set to include support for new passkey technology that will help eliminate the use of passwords.

Other tech companies have made similar efforts in certain ways, like Google’s Advanced Protection Program for its accounts or the Super Duper Secure Mode Microsoft started testing in Edge last fall. Some small companies have also tried offering hardened devices running Android that promise protections against various vulnerabilities, but Lockdown Mode is a new level of security that will be available to millions of people once it launches with the new software updates later this year.

Even with these protections, finding vulnerabilities in the operating systems that control so many devices is a valuable endeavor, and Apple says it’s doubling the bounty for “qualifying findings” in Lockdown Mode to $2 million, which it says is the highest maximum bounty payout in the industry. Apple also says that any damages it’s awarded from a lawsuit filed last fall against NSO Group will be added to a $10 million grant to support organizations that “investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware.”
