July 6, 2022
Apple Extends Leading Commitment to Protect Users from Highly Targeted Mercenary Spyware
Apple previews a breakthrough security feature that provides specialized additional protections to users at risk of highly targeted cyber-attacks from private companies developing state-sponsored mercenary spyware. Apple also details its $10 million grant to support research exposing such threats.
Apple today launched two initiatives to protect users who may be personally targeted by some of the most advanced digital threats, such as those from private companies that develop state-sponsored mercenary spyware. Lockdown Mode, the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura, is extreme, optional protection for the very small number of users who face serious, targeted threats to their digital devices. Apple also shared details of the $10 million cybersecurity grant it announced last November to support civil society organizations that investigate mercenary spyware threats and conduct advocacy.
“Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s chief of security engineering and architecture. “While the vast majority of users will never fall victim to highly targeted cyber attacks, we will work tirelessly to protect the small number of users that do. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world who are doing critically important work unmasking mercenaries carrying out these digital attacks.”
Lockdown Mode provides an extreme, optional level of security for the very few users who, because of who they are or what they do, could be personally targeted by some of the most advanced digital threats, such as those posed by the NSO Group and other private companies developing state-sponsored mercenary spyware. Enabling Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further strengthens the device’s security and strictly limits certain functionalities, greatly reducing the attack surface that can potentially be exploited by highly targeted mercenary spyware.
At launch, Lockdown Mode includes the following protections:
- Messages: Most types of message attachments, except images, are blocked. Some features, such as link previews, are disabled.
- Apple services: Incoming invitations and service requests, including FaceTime calls, will be blocked if the user has not previously sent the initiator a call or request.
- Wired connections to a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed and the device cannot be enrolled in mobile device management (MDM) while Lockdown Mode is enabled.
Apple will continue to strengthen Lockdown Mode and add new protections to it over time. To invite feedback and collaboration from the security research community, Apple has also created a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its security. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 – the highest maximum bounty payout in the industry.
Apple is also providing a $10 million grant, in addition to any damages awarded under the lawsuit filed against NSO Group, to support organizations that investigate, expose and prevent highly targeted cyber attacks, including those from private companies that develop state-sponsored mercenary spyware. The grant will be awarded to the Dignity and Justice Fund, founded and advised by the Ford Foundation – a private foundation dedicated to advancing global equity – and is designed to pool philanthropic resources to advance social justice worldwide. The Dignity and Justice Fund is a fiscally sponsored project of the New Venture Fund, a 501(c)(3) public charity.
“The global spyware trade targets human rights defenders, journalists and dissidents; it facilitates violence, reinforces authoritarianism and supports political repression,” said Lori McGlinchey, director of the Ford Foundation’s Technology and Society program. “The Ford Foundation is proud to support this extraordinary initiative to support civil society research and advocacy against mercenary spyware. We must build on Apple’s commitment and invite companies and donors to join the Dignity and Justice Fund and commit additional resources to this collective struggle.”
The Dignity and Justice Fund expects to make its first grants in late 2022 or early 2023, initially to fund approaches to expose mercenary spyware and protect potential targets, including:
- Build organizational capacity and improve field coordination of new and existing civil society cybersecurity research and advocacy groups.
- Support the development of standardized forensic methods to detect and confirm spyware infiltration that meet evidence standards.
- Enable civil society to work more effectively with device manufacturers, software developers, commercial security firms and other relevant companies to identify and address vulnerabilities.
- Raise awareness among investors, journalists and policymakers about the global mercenary spyware industry.
- Build the capacity of human rights defenders to identify and respond to spyware attacks, including security audits for organizations facing heightened threats to their networks.
The Dignity and Justice Fund grant strategy to investigate, monitor and hold accountable the enhanced cyberweapons trade will be advised by an independent global technical advisory committee. First members include:
- Ron Deibert, Professor of Political Science and Director of the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto
- Ivan Krstić, chief of Apple Security Engineering and Architecture
“There is now undeniable evidence from research by the Citizen Lab and other organizations that the mercenary surveillance industry facilitates the spread of authoritarian practices and massive human rights violations worldwide,” said Ron Deibert, director of the Citizen Lab, a research group at the University of Toronto. “I applaud Apple for awarding this important grant, which will send a strong message and help educate independent researchers and advocacy groups that hold mercenary spyware vendors responsible for the harm they inflict on innocent people.”