Reinforced security settings that can be activated with a click to protect against the worst spyware: this is the new feature that Apple announced for its devices on Wednesday, July 6.
The manufacturer of smartphones, tablets and computers, whose software security vulnerabilities have been exploited in the past by the elite spyware Pegasus, has decided to make available, from the autumn, a “lockdown mode” (“isolation mode” in French) intended to thwart infections by the most advanced spyware.
This will come at a direct cost in functionality, as some features will be disabled. It will no longer be possible to receive attachments such as images by SMS, and link previews in text messages will also be deactivated. The user will also be unable to receive a video call via Apple’s FaceTime technology from a new correspondent: there must have been a prior exchange (message or call). Some advanced web browsing features will also be disabled.
This is because calls, receiving attachments and web browsing, for example, are particularly exposed to software vulnerabilities, and are therefore entry points for malicious software. The Pegasus spyware, manufactured by NSO Group, took advantage of flaws in Apple’s SMS system to infect iPhones, and did so until recently.
Although this feature allowing “an extreme level of security” can be activated by all users, Apple considers that it primarily concerns “the very few users who, because of who they are or what they do, can be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing spyware on behalf of States”.
Apple forced to downgrade its service
To ensure the robustness of its “lockdown mode”, Apple has also announced that it will double the bounties paid to hackers who find flaws in it and report them to the company. Apple promises these “ethical hackers” up to two million dollars in rewards.
Implicitly, this new mode also says something about Apple’s powerlessness in the face of these spyware vendors and their hundreds of millions of dollars of research and development. To offer an optimal level of security, the company is forced to degrade its service in order to protect its most exposed users.
This enhanced protection mode is a further step in the showdown that the company has engaged in with NSO Group. Since fall 2021, the company has been warning its users when it has reason to believe they have been targeted by sophisticated spyware, specifically Pegasus. Apple took advantage of the press conference presenting the “lockdown mode” to indicate that notifications had been sent to its users in more than 150 countries, without however specifying the total number of alerts. The reason given by the company: the lawsuit in which it is currently opposing NSO Group. Apple has brought the Israeli company before the American courts, seeking in particular to prohibit it from using all Apple-branded devices and services.
Apple has already promised to pay any damages it might collect to organizations working on the detection of and fight against malicious software. The company intends to anticipate this potential payment with a first check for $10 million granted to the Dignity and Justice Fund of the Ford Foundation, an American philanthropic organization, which should announce its first grants in the field of the fight against spyware later, in early 2023.