Apple plans to release a new feature called “Lockdown Mode” later this year that aims to add a new layer of protection for human rights advocates, political dissidents and other targets of sophisticated hacking attacks.
The move comes after at least two Israeli firms exploited flaws in Apple’s software to remotely break into iPhones without the target needing to click or tap anything. NSO Group, the maker of the Pegasus software that can carry out such attacks, has been sued by Apple and placed on a trade blacklist by US officials.
“Lockdown Mode” will come to Apple’s iPhones, iPads and Macs this spring and turning it on will block most attachments sent to the Messages app. Security researchers believe NSO Group exploited a flaw in how Apple handled message attachments. The new mode will also block wired connections to iPhones when they are locked. Israeli firm Cellebrite has used such manual connections to access iPhones.
Apple representatives said that they believe sophisticated attacks the new feature is designed to fight — called “zero click” hacking techniques — are still relatively rare and that most users will not need to active the new mode.
Spyware companies have argued they sell high-powered technology to help governments thwart national security threats. But human rights groups and journalists have repeatedly documented the use of spyware to attack civil society, undermine political opposition and interfere with elections.
To help harden the new feature, Apple said it will pay up to US$2-million for each flaw that security researchers can find in the new mode, which Apple representatives said was the highest such “bug bounty” offered in the industry.
Apple also said it is making a $10-million grant, plus any possible proceeds from its lawsuit against NSO Group, to groups that find, expose and work to prevent targeted hacking. Apple said the grant will go to the Dignity and Justice Fund established by the Ford Foundation, one of the largest private foundations in the US.