July 6, 2022
UPDATE
Apple extends industry-leading commitment to protecting users from highly targeted mercenary spyware
Apple is previewing a breakthrough security capability that provides specialized additional protection for users at high risk of targeted cyberattacks from private companies developing state-sponsored mercenary spyware. Apple is also providing details of its $10 million grant to advance research that exposes such threats.
Apple today detailed two initiatives to help protect users who may be personally targeted by some of the most sophisticated digital threats, such as those from private companies developing state-sponsored mercenary spyware. Lockdown Mode – the first major capability of its kind, coming this fall with iOS 16, iPadOS 16, and macOS Ventura – is an extreme, optional safeguard for the very small number of users who face serious, targeted threats to their digital security. Apple also shared details of a $10 million cybersecurity grant it announced last November to help civil society organizations conduct research and advocacy on mercenary spyware threats.
“Apple makes the most secure mobile devices on the market. Lockdown Mode is a breakthrough capability that demonstrates our unwavering commitment to protecting users from the most sophisticated, rarest attacks,” said Ivan Krstić, Director of Security Architecture and Engineering at Apple. “While the vast majority of users will never fall victim to highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are. That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations worldwide doing critically important work in exposing the mercenary companies that create these digital attacks.”
Lockdown Mode provides the highest level of security, as an option, for the very small number of users who, because of who they are or what they do, can be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies that develop state-sponsored mercenary spyware. Enabling Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device protections and severely limits certain functions, drastically reducing the attack surface that can be exploited by highly targeted spyware.
At launch, Lockdown Mode includes the following protections:
- Messages: Most types of message attachments other than images are blocked. Some features, like link previews, are disabled.
- Browsing: Some complex web technologies, such as JavaScript just-in-time (JIT) compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming service requests and invitations, including FaceTime calls, are blocked if the user has not previously sent the originator a call or request.
- Wired connections to a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot be enrolled in mobile device management (MDM), while Lockdown Mode is enabled.
Apple will continue to enhance Lockdown Mode and add new protections to it over time. To invite feedback and collaboration from the security research community, Apple has also established a new category in the Apple Security Bounty program that rewards researchers who find Lockdown Mode bypasses and help improve its protections. Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 – the highest maximum bounty in the industry.
Apple is also contributing $10 million, in addition to any damages awarded from the lawsuit against NSO Group, to help organizations investigate, expose, and prevent highly targeted cyberattacks, including attacks by private companies that develop state-sponsored mercenary spyware. The grant will be made to the Dignity and Justice Fund established and advised by the Ford Foundation – a private foundation dedicated to promoting equity around the world – and is designed to pool philanthropic resources to promote social justice globally. The Dignity and Justice Fund is a financially funded project of New Ventures, a 501(c)(3) public charity.
“The global spyware trade targets human rights defenders, journalists and dissidents,” said Lori McGlinchey, Ford Foundation’s Technology and Society Program Manager. “The Ford Foundation is proud to support this exceptional initiative to advance research and civil society advocacy against mercenary spyware. We must build on Apple’s commitment and invite companies and donors to join the Dignity and Justice Fund and bring additional resources to this collective fight.”
The Dignity and Justice Fund is expected to make its first grants in late 2022 or early 2023, initially funding approaches to help expose mercenary spyware and protect potential targets, including:
- Building organizational capacity and strengthening field coordination of existing and new civil society cybersecurity research and advocacy groups.
- Assisting in the development of standard forensic methods to detect and confirm spyware intrusions that meet evidentiary standards.
- Enabling civil society to work more effectively with device manufacturers, software developers, commercial security companies, and other relevant companies to identify and address security vulnerabilities.
- Raising awareness among investors, journalists and policymakers about the global mercenary spyware industry.
- Building the capacity of human rights defenders to identify and respond to spyware attacks, including security screening for organizations facing increasing threats to their networks.
The Dignity and Justice Fund's funding strategy to research, track and hold accountable the cyberweapons trade will be advised by an independent, global Technical Advisory Committee. The initial members include:
- Ron Deibert, professor of political science and director of the Citizen Lab at the Munk School of Public Policy & Global Affairs, University of Toronto
- Ivan Krstić, Apple’s Head of Security Engineering and Architecture
Ron Deibert, director of the Citizen Lab, a research group at the University of Toronto, said: “I applaud Apple for establishing this important grant, which sends a powerful message and helps nurture independent researchers and organizations advocating that spyware vendors for hire must be held accountable for the harm they are causing innocent people.”
Press Contacts
Scott Radcliffe
Apple
sradcliffe@apple.com
Apple Media Helpline
media.help@apple.com
(408) 974-2042