To deal with cyberattacks and very high-level espionage, in particular software like Pegasus, Apple will launch an extreme security device, supposed to offer absolute security: Isolation mode.
Apple is attacking very high level computer attacks – including espionage – by launching an “extreme” protection mode, supposed to offer a higher level of security, but sacrificing some classic functions in the process. It must be said that since the case Pegasus which hit the headlines a few years ago, everyone is on the alert. Developed by NSO Group, an Israeli computer security company, this famous spyware has notably enabled states to monitor, in an extremely abusive manner, certain targeted users of Apple and Android. The apple firm also filed a complaint against the company in November 2021.
The company is waging a merciless war against what it calls mercenary spyware vendors (mercenary spyware vendors, in French) specializing in the development of spyware, which is most often sold to states. They are developing stealth tools, which use often unlisted flaws – known as zero-day, in computer jargon – in order to track, listen to or steal the data of certain targeted users. “While the vast majority of users will never fall victim to targeted cyberattacks, we work hard to protect the rare victims of these attacks.“said Apple in a press release. This software targets celebrities, politicians and senior executives of large corporations. “Engaged” people are also targeted, such as journalists, lawyers, human rights activists, activists, or any individual facing powerful adversaries. Individuals, who may experience more traditional digital threats such as phishing, do not normally need this extreme mode.
Isolation mode: a barrier against any intrusion attempt
The new mode, called Lockdown (Isolation in French), aims to “reduce the attack surface” possible within Apple’s operating systems. It will be available this fall on iOS 16, iPadOS 16 and macOS. Thanks to a button in the Settings, the user engages this protection mode which reduces the functions of the smartphone but in return increases their safety. It thus offers “an extreme and optional level of security.”
Isolation mode blocks certain functions. In messages, most types of attachments other than images are automatically blocked, as are link previews. A measure taken following the discovery of Pegasus, which made it possible to take control of a smartphone simply by displaying a link in an SMS! Certain technologies, such as JavaScript just-in-time (JIT) compilation, are disabled on the browser unless the user opts out of a trusted site from isolation mode. Incoming service requests and invitations, such as FaceTime calls, are also blocked if the user has never sent a call or request to their sender before.
Why ? Because it is possible to hack an iPhone through a Facetime call. It also secures wired connections with a computer or accessory, blocking them when iPhone is locked. Again, this is a measure taken against spyware capable of accessing, via Bluetooth or Wi-Fi, the content of telephones, even when it is on standby. Finally, no configuration profile can be installed when isolation mode is enabled. Function Deployment of Apple platforms – formerly Mobile device management settings – is therefore unavailable to prevent hackers from impersonating the administrator and taking control of the device by installing malicious applications.
An uphill battle against spyware
Isolation mode is therefore designed to protect targeted users against “rarest and most sophisticated attacks“, explains Ivan Krstić, head of security engineering and architecture for Apple. An extreme measure that could relieve more than one. But it is not the only decision taken by the apple. , the firm decided to double the premium as part of its Apple Security Bounty in order to reward experts able to find flaws in the Isolation mode, with the aim of improving its protections. The bounty is now at a maximum of two million dollars, a record in this sector.
Finally, Apple will pay $10 million (in addition to any damages awarded by the court in the lawsuit between Apple and NSO Group) to the Dignity and Justice Fund, managed by the Ford Foundation, over spyware driven by States. “The global spyware market targets human rights organizations, journalists and dissidents. It promotes violence, reinforces authoritarianism and supports political repression”said Lori McGlinchey, director of the Ford Foundation’s Technology and Society program. The first contributions to this program are expected to be made in late 2022 or early 2023, fostering coordination between cybersecurity researchers and advocacy groups, and allying with device makers, software developers, and technology companies. computer security in order to identify and correct faults.
For Ron Deibert, director of the University of Toronto and the Citizen Lab, which participated in the investigation against NSO Groupe, the merchants of this software and their practices “promote the spread of totalitarianism and the violation of human rights throughout the world.” Something that we would do well at the moment.