Apple Will Block Spyware Attacks

Apple has announced that it will introduce a new security feature to protect high-risk users from spyware attacks. “Apple is previewing a groundbreaking security capability that offers specialised additional protection to users who may be at risk of highly targeted cyber attacks from private companies developing state-sponsored mercenary spyware,” says an Apple news up-date. 

Lockdown Mode will be available in the autumn with the next operating system across all of the company's iPhones, iPads and Macs which will enable users to significantly reduce some features to protect devices from infection.

Apple says the new feature is an “extreme optional protection” for device owners who are more likely to be targeted by nation states using powerful spyware, like journalists, human rights defenders and political activists.
The setting blocks certain functions and prevents unknown users from calling. It comes after Apple devices owned by activists, politicians and journalists were infected with spyware.

Apple is suing NSO Group an Israeli spyware company accusing it of targeting victims in 150 different countries with its powerful Pegasus spyware.

The firm's software could infect both iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras. NSO Group says its tools are made to target terrorists and criminals and insists it only supplies Pegasus to military, law enforcement and intelligence agencies from countries with good human rights records.

When the extent of the alleged surveillance was revealed last July, Apple faced criticism from privacy and security experts for not protecting users. It quickly released an emergency software update to all devices to patch up the vulnerability that Pegasus had secretly been using for years.

Apple is releasing Lockdown Mode as a wider security feature it claims can protect devices from all known spyware currently on the market. Lockdown Mode will include the following protections: 

Messages:  Most message attachment types other than images are blocked. Some features, like link previews, are disabled

Web browsing: Certain complex web technologies, like just-in-time JavaScript compilation, are disabled unless the user excludes a trusted site

Calls: Incoming invitations including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request

Wired connections:  With a computer or accessory are blocked when iPhone is locked

At launch, Lockdown Mode will be available to all users in the device settings, but Apple suggests it should only be activated if someone is a risk of what it calls "mercenary spyware attacks", for example a journalist or opposition leader in a repressive regime. 

Apple announced it will double the bounty threshold it pays out to ethical hackers who discover security flaws in Lockdown Mode to $2m (£1.7m).The US firm will also donate $10m to a fund helping organisations expose the misuse of spyware.

Apple:    Reuters:      Bloomberg:     BBC:     Express & Star:    Washington PostCNet:   Independent:  

You Might Also Read: 

Pegasus Spyware & Not-For-Profit Cyber Security - What Are The Risks?:

 

« Conversational Commerce Is Going To Be Big - But Could Be Risky
Cyber Security In Fintech »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

ExaGrid Systems

ExaGrid Systems

ExaGrid provides Tiered Backup Storage with a unique disk-cache Landing Zone, long-term retention repository, and scale-out architecture.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

Cyberkov

Cyberkov

Cyberkov services include Pentesting, Vulnerability Assessments, Digital Forensics, Incident Response, Source Code Analysis and Security Training.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Arc4dia Labs

Arc4dia Labs

Arc4dia have developed SNOW, a cyber security solution to combat the world’s most sophisticated cyber threats.

US Secret Service

US Secret Service

The US Secret Service has a pivotal role in securing the nation’s critical infrastructures, specifically in the areas of cyber, banking and finance.

SYSGO

SYSGO

SYSGO is the leading European provider of real-time operating systems for critical embedded applications in the Internet of Things (IoT).

Rigado

Rigado

Rigado's mission is to enable commercial IoT success by providing high-performance secure and scalable wireless edge connectivity and network infrastructure.

Open Connectivity Foundation (OCF)

Open Connectivity Foundation (OCF)

OCF is dedicated to ensuring secure interoperability ensuring secure interoperability of IoT for consumers, businesses and industries.

Technology Law Alliance (TLA)

Technology Law Alliance (TLA)

Technology Law Alliance is a specialist IT law firm focussed on the fields of technology, outsourcing and e-commerce.

Barikat Cyber Security

Barikat Cyber Security

Barikat is a provider of information security solution and services including security analysis and compliance, security testing, managed security services, incident response and training.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

ThreatFabric

ThreatFabric

ThreatFabric integrates industry-leading threat intel, behavioral analytics, advanced device fingerprinting and over 10.000 adaptive fraud indicators.