Apple's recently released Lockdown Mode privacy tool has apparently being working well in real world scenarios, with the company revealing it recently stopped a major threat against vulnerable targets.
Useful for iPhone users who are high-level targets, such as journalists and human rights activists, Apple's Lockdown Mode has been found by researchers to have helped block attacks from the notorious Israeli cyber-intelligence firm, the NSO Group, using its Pegasus spyware.
The Citizen Lab, based at the University of Toronto, yesterday published its report where it analyzed three zero-day exploits - i.e. ones that Apple were unaware of - affecting iOS 15 and 16 systems that were used by the NSO Group to target Mexican human rights campaigners, among potential others.
Last line of defense
Thankfully, however, Lockdown Mode came to the rescue, blocking one of the exploits used, according to the researchers, becoming the first documented case of the feature preventing an attack.
Revelaed in July 2022, Lockdown Mode works by reducing the amount of exposed system code to an attack. The researchers also said that when the targets' phones blocked the attack, they received a notification saying that Lockdown Mode had prevented unauthorized access to the Home app.
The researchers noted, however, that it may be quite easy for hackers to determine who has and who hasn't got Lockdown Mode turned on, thus helping them to launch more successful attacks. Despite this, they were still buoyed by the fact that the feature worked.
“The fact that Lockdown Mode seems to have thwarted, and even notified targets of a real-world zero-click attack shows that it is a powerful mitigation, and is a cause for great optimism," Bill Marczak, a senior researcher at Citizen Lab, told TechCrunch.
Marczak did add a further caution, however, noting: “As with any optional feature, the devil is always in the details. How many people will opt to turn on Lockdown Mode? Will attackers simply move away from exploiting Apple apps and target third-party apps, which are harder for Lockdown Mode to secure?”
Apple spokesperson Scott Radcliffe said in a statement: “We are pleased to see that Lockdown Mode disrupted this sophisticated attack and alerted users immediately, even before the specific threat was known to Apple and security researchers. Our security teams around the world will continue to work tirelessly to advance Lockdown Mode and strengthen the security and privacy protections in iOS.”
On the other side, in a statement from the NSO Group, spokesperson Liron Bruck said: “Citizen Lab has repeatedly produced reports that are unable to determine the technology in use and they refuse to share their underlying data. NSO adheres to strict regulation and its technology is used by its governmental customers to fight terror and crime around the world.”
- Here is the best firewall to keep you safe