Apple Announces 'Extreme' Privacy Mode for Targets of Government Spyware

The company will allow high-risk users to turn off certain features that make them more vulnerable to spyware such as that made by NSO Group.
iphone
Image: Janis Engel/EyeEm/Getty Images

In an attempt to protect its most vulnerable users, Apple has announced an upcoming feature designed to thwart hacking attempts from government malware. Apple’s announcement specifically called malware created by the Israeli spyware firm NSO Group, which was recently caught spying on dozens of journalists, government officials, and dissidents..

The new feature is called “Lockdown Mode” and Apple described it as “extreme” and “groundbreaking” security capability in its press release published on Wednesday.

Advertisement

“Lockdown Mode—the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura—is an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security,” Apple wrote in the announcement. 

In practice, Lockdown Mode turns off several features that can be exploited by hackers who use government spyware made by companies such as NSO Group or Candiru. The features that will be turned off if a user decides to use Lockdown Mode are: accepting attachments sent via iMessage other than images, some web technologies like a type of Javascript compilation, incoming FaceTime calls from unknown callers, wired connections to a computer when the phone is locked, and the ability to install mobile device management (MDM) configurations, which have been used by government spyware makers to install malware on users’ phones

lockdown-mode.jpg

A screenshot of the upcoming Lockdown Mode for iPhones.

An Apple spokesperson told Motherboard that some of the features in Lockdown Mode could not previously be manually turned on by a user.

Apple also announced a new category in its bug bounty program. If researchers find bypasses to Lockdown Mode, they could be eligible for a reward of up to $2 million. The company is also offering a grant of $10 million to “to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware.”

Advertisement

Cybersecurity experts with experience investigating cases where governments have used spyware made by companies such as NSO Group or the now-defunct Hacking Team praised Apple’s new feature. 

lockdown-mode2.jpeg

A screenshot that shows Lockdown Mode running on an iPhone with iOS 16 beta.

“We have story after story and report after report which shows that NSO Group has compromised tens of thousands of iPhones. This makes up a very small percentage of their users, but they are also some of their most vulnerable and/or their most influential,” Eva Galperin, director of cybersecurity at activist organization the Electronic Frontier Foundation,director of cybersecurity at activist organization the Electronic Frontier Foundation,, told Motherboard in an online chat. “I am guessing that people will ask why this level of protection will not be made standard for every iPhone user and the answer to that is that this protection comes at the expense of usability. For most people, this is simply not a worthwhile tradeoff. If you think you're likely to be targeted by Pegasus, the calculus is suddenly very different, and the tradeoff may be worthwhile.”

Do you have information about government malware vendors? Or cases of spyware abuse? We’d love to hear from you. From a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com

John Scott-Railton, a senior researcher at Citizen Lab, a digital rights watchdog housed at the University of Toronto's Munk School, said that this is something people had been asking for a long time to protect high-risk users. 

“It’s a radical reduction in the threat surface for whole categories of attacks. It’s a pretty promising step forward,” Scott-Railton said in a phone call. “The things that Apple is pairing off are some of the places we know exploit devs and mercenary spyware companies were using to get malware onto devices and do zero-day attacks.”

Joseph Cox contributed reporting.

Subscribe to our podcast, CYBER. Subscribe to our new Twitch channel.