Apple's Lockdown Mode: Why There's a New Level of Security for Your iPhone
Ian SherrFormer Editor at Large / News
Ian Sherr (he/him/his) grew up in the San Francisco Bay Area, so he's always had a connection to the tech world. At CNET, he wrote about Apple, Microsoft, VR, video games and internet troubles. Aside from writing, he tinkers with tech at home, is a longtime fencer -- the kind with swords -- and began woodworking during the pandemic.
Apple will be offering a new "Lockdown Mode" for its iPhones, iPads and Mac computers this fall. It's designed to fight advanced hacking and targeted spyware like the NSO Group's Pegasus.
Why it matters
The move is Apple acknowledging, in a way, that the threat is serious and growing. Pegasus was used by repressive governments to spy on human rights activists, lawyers, politicians and journalists.
Cybersecurity watchers believe Apple may push customers and competitors to take stronger security postures. Ultimately, the way we all use technology may have to change.
Three years ago, Apple put up an ad in Las Vegas, showing the backside of one of its devices, with the phrase "What happens on your iPhone, stays on your iPhone." It was a bold, if cheeky, claim. But Apple is increasingly living up to it.
The tech giant has been ramping up its commitments to privacy and security with a string of new features that cybersecurity experts say are amounting to more than a bullet-point feature to differentiate its products from Samsung gadgets and other devices powered by Google's Android OS. Instead, Apple's moves have sent ripples through the advertising world and upset government officials -- signs, tech watchers say, that Apple is following through on its promises.
Of the people using its roughly 2 billion active devices around the world, Apple said few would actually need to turn the feature on. But cybersecurity experts say these types of extreme measures may need to become more commonplace as governments around the world broaden who they target while stepping up their frequency of attacks.
In just the last week, the FBI and Britain's MI5 intelligence organization took the rare step of issuing a joint warning of the "immense" threat Chinese spies pose to "our economic and national security," and that its hacking program is "bigger than that of every other major country combined." Other government agencies have made similar warnings about hacking from other adversaries, including Russia, which the US Office of the Director of National Intelligence said in 2017 has targeted think tanks and lobbying groups in addition to the government and political parties.
And unlike widespread ransomware or virus campaigns, which are often designed to spread as quickly as possible, targeted attacks are often designed for quiet intelligence gathering, which could lead to stolen technology, exposed state secrets and more.
Apple itself said last week that it's tracked targeted hacking efforts toward people in nearly 150 countries over the past eight months. Apple has already begun a program of warning people when they may be targeted. When Lockdown Mode is released in the fall, cybersecurity experts say, it'll represent an escalation on Apple's part, particularly because the feature will be available to anyone who wants to turn it on.
"There were a number of attempts over the years to make highly secure devices, and it's great to have those things and having them put out there, but we haven't seen widespread adoption," said Kurt Opsahl, deputy executive director and general counsel at the Electronic Frontier Foundation, which advocates for privacy and other civil liberties in the digital world. And though Opsahl believes an up-to-date phone is probably good enough for the average person, he said that any way Apple can raise the cost of hacking a phone helps protect the devices.
"Make no mistake about it, Lockdown Mode will be a major blow," said Ron Deibert, a professor of political science and director of the Citizen Lab for cybersecurity researchers at the University of Toronto.
Much of Apple's approach to cybersecurity can be traced back to 2010, when company co-founder Steve Jobs discussed his view of privacy on stage at D8 conference.
"Privacy means people know what they're signing up for, in plain English, and repeatedly," Jobs said. "Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do."
It was a departure from other internet giants, such as Facebook, whose co-founder, Mark Zuckerberg, was listening in the audience. Google, Facebook and Amazon largely make their money through targeted advertisements, which are often at odds with user privacy. After all, the more targeted the ad, more relevant and effective it likely is.
Apple, by comparison, makes little of its money from advertisements. Instead, the iPhone, iPad and Mac computers made up more than 70% of its sales last year, adding up to over $259 billion combined.
Accordingly, Apple offers security features by default across the board to all its users. When people download Facebook for the first time and start using it on their phone, they're quickly greeted with popups asking whether they want to give the app access to their microphone or camera.
Last year, Apple took it a step further, asking if people wanted to stop companies from tracking them across websites and apps, a feature Apple calls App Tracking Transparency. Research surveys suggest nearly all people answer that they don't want to be tracked, a move that Facebook owner Meta said has meaningfully hurt its finances, costing as much as $10 billion in lost sales this year. "It's a substantial headwind to work our way through," Meta CFO David Wehner said in February.
But offering effectively a new mode on iPhones altogether is an entirely new approach. When people activate Lockdown Mode on their device, by flipping a switch in the settings app, it then needs to restart -- effectively loading a new set of code and rules under Apple's "extreme" security measures.
"Apple is ultimately making it as easy as possible to make choices about security and privacy," said Jeff Pollard, a Forrester analyst who focuses on cybersecurity and risk. Pollard said this approach offers an opportunity for Apple to test the waters between usability and security, while following through on its promise to continually improve on Lockdown Mode over time. "We have to make it easier to do, so our adversaries have to try harder."
Lockdown Mode may be one of Apple's most significant security moves to date, but the company still has more it needs to do. Craig Federighi, Apple SVP and head of software, testified to a courtroom last year that his company's Mac computers face a "significantly larger malware problem" than its iPhones, iPads and other devices.
"Today, we have a level of malware on the Mac that we don't find acceptable," Federighi said during testimony defending Apple in a lawsuit with Fortnite maker Epic Games. Each week, Apple identifies a couple of pieces of malware on its own or with the help of third parties, he said back then, and it uses built-in systems to automatically remove malicious software from customers' computers. The nasty programs still proliferate, though. In the year ended last May, Federighi said, Apple had fought 130 types of Mac malware, and one program alone infected 300,000 systems.
Lockdown Mode doesn't directly address widespread malware issues, but it could end up forcing hackers to put even more time and resources toward finding security flaws they can exploit.
"Something has to be done," said Betsy Sigman, a distinguished teaching professor emeritus at Georgetown University's McDonough School of Business.
An alarming problem to Sigman is that malware developers stand to make hundreds of millions of dollars from targeted hacks like Pegasus. The groups that have sprung up to fight them, meanwhile, are much smaller and need funding both to fight the threat and to help protect and educate potential victims.
"It's going to cost a lot of money," Sigman said. Apple pledged a grant of at least $10 million to the Dignity and Justice Fund, which was established by the Ford Foundation, to help support human rights and fight social repression. Sigman said much more investment will be needed. "I hope Apple will get together with other high-tech companies and work together on this."
Meanwhile, many cybersecurity experts, including Susan Landau, are looking forward to trying out Lockdown Mode when Apple releases it in the fall, along with its annual set of major software upgrades. A cybersecurity and policy professor at Tufts University, and a former employee at Google and Sun Microsystems, Landau is already careful about what websites she visits and what devices she uses. She keeps a separate Google Chromebook for handling her finances, and she refuses to download most apps to her phone unless she knows she can trust the company that made them.
"It's convenience versus security," she said. Landau follows these protocols out of principle, because she -- like nearly all of us -- doesn't have the time or capability to validate every app or website's safety. Apple and Google both have established security tests for their respective app stores, but Landau said the new apps, capabilities and upgrades that arrive each year can make them more vulnerable. "Complexity is the bane of security."
To her, Lockdown Mode may help us all begin to understand the balance between gee-whiz features and security, particularly as state-sponsored hackers step up their attacks. "People have gotten used to the convenience without understanding the problems," Landau said. "The convenience we've all grown accustomed to has got to change."