Apple Will Block Spyware Attacks

Uploaded on 2022-07-18 in TECHNOLOGY--Developments, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Apple has announced that it will introduce a new security feature to protect high-risk users from spyware attacks. “Apple is previewing a groundbreaking security capability that offers specialised additional protection to users who may be at risk of highly targeted cyber attacks from private companies developing state-sponsored mercenary spyware,” says an Apple news up-date. 

Lockdown Mode will be available in the autumn with the next operating system across all of the company's iPhones, iPads and Macs which will enable users to significantly reduce some features to protect devices from infection.

Apple says the new feature is an “extreme optional protection” for device owners who are more likely to be targeted by nation states using powerful spyware, like journalists, human rights defenders and political activists.
The setting blocks certain functions and prevents unknown users from calling. It comes after Apple devices owned by activists, politicians and journalists were infected with spyware.

Apple is suing NSO Group an Israeli spyware company accusing it of targeting victims in 150 different countries with its powerful Pegasus spyware.

The firm's software could infect both iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras. NSO Group says its tools are made to target terrorists and criminals and insists it only supplies Pegasus to military, law enforcement and intelligence agencies from countries with good human rights records.

When the extent of the alleged surveillance was revealed last July, Apple faced criticism from privacy and security experts for not protecting users. It quickly released an emergency software update to all devices to patch up the vulnerability that Pegasus had secretly been using for years.

Apple is releasing Lockdown Mode as a wider security feature it claims can protect devices from all known spyware currently on the market. Lockdown Mode will include the following protections: 

Messages:  Most message attachment types other than images are blocked. Some features, like link previews, are disabled

Web browsing: Certain complex web technologies, like just-in-time JavaScript compilation, are disabled unless the user excludes a trusted site

Calls: Incoming invitations including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request

Wired connections:  With a computer or accessory are blocked when iPhone is locked

At launch, Lockdown Mode will be available to all users in the device settings, but Apple suggests it should only be activated if someone is a risk of what it calls "mercenary spyware attacks", for example a journalist or opposition leader in a repressive regime. 

Apple announced it will double the bounty threshold it pays out to ethical hackers who discover security flaws in Lockdown Mode to $2m (£1.7m).The US firm will also donate $10m to a fund helping organisations expose the misuse of spyware.

Apple:    Reuters:      Bloomberg:     BBC:     Express & Star:    Washington PostCNet:   Independent:  

You Might Also Read: 

Pegasus Spyware & Not-For-Profit Cyber Security - What Are The Risks?:

 

« Conversational Commerce Is Going To Be Big - But Could Be Risky
Cyber Security In Fintech »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Lawley Insurance

Lawley Insurance

Lawley is a full-service, independent insurance agency. Specialty insurance products include Cyber Security.

Axonius

Axonius

Axonius is the only solution that offers a unified view of all assets and their coverage, empowering customers to take action to enforce their organization’s security policies.

Sanderson Recruitment

Sanderson Recruitment

Sanderson is a recruitment company providing expert recruitment services in areas including Cyber & Information Security.

TAC Security (TAC Infosec)

TAC Security (TAC Infosec)

TAC Security (aka TAC Infosec) is a leading and trusted cyber security consulting partner that specializes in securing the IT infrastructure and assets of enterprises.

ZecOps

ZecOps

ZecOps is a cybersecurity automation company offering solutions for servers, endpoints, mobile devices, and custom devices.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Axellio

Axellio

Axellio provides economic, end-to-end cyber security solutions designed for your team, environment, and security objectives, providing packet level visibility across your network.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

IntegraONE

IntegraONE

IntegraONE is a IT solutions provider offering a full range of networking and technology solutions.

Silent Quadrant

Silent Quadrant

Silent Quadrant delivers incomparable cybersecurity consulting, digital transformation, and risk management within our purpose-driven clients - empowering them to be the most resilient entities.

Guardsman Cyber Intelligence (GCI)

Guardsman Cyber Intelligence (GCI)

GCI provides proven cyber intelligence solutions to protect your business against ever present physical and digital threats shadowing your online business.

ZILLIONe

ZILLIONe

ZILLIONe is one of Sri Lanka´s top enterprise technology solutions providers.

Prizsm Technologies

Prizsm Technologies

Prizsm is a computational storage capability that provides flexible, easy-to-use, resilient solutions for quantum-resistant, hyper-secure cloud storage and communications.

Apex iQ (ApexiQ)

Apex iQ (ApexiQ)

ApexiQ is a continuous asset assurance platform that empowers you with the confidence to make better data-driven decisions and take automated action to reduce your risk.