Apple Will Block Spyware Attacks

Apple has announced that it will introduce a new security feature to protect high-risk users from spyware attacks. “Apple is previewing a groundbreaking security capability that offers specialised additional protection to users who may be at risk of highly targeted cyber attacks from private companies developing state-sponsored mercenary spyware,” says an Apple news update.

Lockdown Mode will be available in the autumn with the next operating system across all of the company's iPhones, iPads and Macs. It will enable users to significantly reduce some features to protect devices from infection.

Apple says the new feature is an “extreme optional protection” for device owners who are more likely to be targeted by nation states using powerful spyware, like journalists, human rights defenders and political activists.
The setting blocks certain functions and prevents unknown users from calling. It comes after Apple devices owned by activists, politicians and journalists were infected with spyware.

Apple is suing NSO Group, an Israeli spyware company, accusing it of targeting victims in 150 different countries with its powerful Pegasus spyware.

The firm's software could infect both iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras. NSO Group says its tools are made to target terrorists and criminals and insists it only supplies Pegasus to military, law enforcement and intelligence agencies from countries with good human rights records.

When the extent of the alleged surveillance was revealed last July, Apple faced criticism from privacy and security experts for not protecting users. It quickly released an emergency software update to all devices to patch up the vulnerability that Pegasus had secretly been using for years.

Apple is releasing Lockdown Mode as a wider security feature it claims can protect devices from all known spyware currently on the market. Lockdown Mode will include the following protections: 

Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.

Web browsing: Certain complex web technologies, like just-in-time JavaScript compilation, are disabled unless the user excludes a trusted site.

Calls: Incoming invitations, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.

Wired connections: Wired connections with a computer or accessory are blocked when iPhone is locked.

At launch, Lockdown Mode will be available to all users in the device settings, but Apple suggests it should only be activated if someone is at risk of what it calls "mercenary spyware attacks", for example a journalist or opposition leader in a repressive regime.

Apple announced it will double the bounty threshold it pays out to ethical hackers who discover security flaws in Lockdown Mode to $2m (£1.7m). The US firm will also donate $10m to a fund helping organisations expose the misuse of spyware.

Sources: Apple, Reuters, Bloomberg, BBC, Express & Star, Washington Post, CNet, Independent
