
Apple announces ‘lockdown’ security feature to counter NSO-type spyware

CORTE MADERA, CALIFORNIA – JANUARY 27:  New iPhone 13s are displayed at an Apple store on January 27, 2022 in Corte Madera, California. Apple reported record first-quarter earnings with $123.9 billion in overall revenue and $34.6 billion in profit. (Photo by Justin Sullivan/Getty Images)

Apple announced Wednesday a new "lockdown" security feature for iOS and macOS that the company says will prevent militarized spyware contractors like the NSO Group from attacking humanitarian groups, activists, journalists, government and other targets.

The company is currently suing the Israeli NSO Group, the most prominent surveillance contractor, which licensed its advanced Pegasus mobile spyware to several governments that ultimately used it for controversial ends.

While the stated purpose of Pegasus was for criminal investigations and espionage, Mexico was caught spying on scientists advocating a tax on sodas using the software, and several countries used Pegasus to monitor dissidents at home and abroad. NSO was sanctioned by the U.S. Treasury Department last year, leaving it in economic tatters, but the broader industry of surveillance contractors has forged on.

Apple's new lockdown mode will block most file attachments other than images in Messenger and disable features like link previews entirely. Lockdown mode will block mobile device management, wired communications with computers or accessories while the phone is locked, complex web features unless users add sites to a safe list, and service communications unless the user contacted the other party first.

The lockdown feature will be added this fall.

Blocking wired communications to locked phones could impact common law enforcement tools used in the United States, such as those sold by Cellebrite. In the past, when security technologies such as encryption have butted heads with surveillance tools used by law enforcement, law enforcement groups complained, seeking lawmakers' assistance to restore that functionality.

Ron Deibert, director of University of Toronto's Citizen Lab, which did most of the foundational research on the spread of NSO Pegasus, said that protecting subjugated groups is worth inconveniencing law enforcement agencies, who he believes have plenty of other tools at hand.

"I'm one of those people that happens to believe law enforcement agencies enjoy the golden age of surveillance. There's all sorts of data I secrete on a daily basis that just builds up into this huge spectrum that they can have access to," he said. "And I also am one of those people that doesn't believe we should reduce the security of all users to meet the partial needs of one particular stakeholder group that, as I said, enjoy living in the golden age."

Deibert is part of a second announcement made by Apple at the same time: how it will spend potential winnings from the NSO lawsuit. Apple had already committed to donate $10 million plus the winnings from the case to civil service groups that would counter militarized spyware. On Wednesday it provided more detail, announcing that grants would be managed through the Ford Foundation's Dignity and Justice Fund. Deibert, along with representatives from Access Now, Amnesty Tech, Apple and The Engine Room, will be on Ford Foundation's technical advisory committee helping determine how to distribute the funds.

"The sale and use of spyware and other cyber weapons against human rights defenders, journalists, activists and dissidents is of enormous concern to the Ford Foundation. These weapons facilitate violence and reinforce authoritarianism and political repression. In recent years, we see that state and non-state actors have used spyware to track and intimidate human rights defenders, political dissidents, environmental activists in virtually every region of the world," said Lori McGlinchey, director of the foundation's Technology and Society team.

The first grants, she said, are expected to go out in late 2022 or early 2023.

"We desperately need more Citizen Labs and Amnesty Tech labs and this fund will help make that happen," said Deibert.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.
