Pegasus Attacks, iOS 16, and Lockdown Mode
August 9, 2022
Fortalice Solutions

Overview of Threat

Apple recently “pre-released” a new update to iOS to combat a new, rising software attack. The updated iOS 16, which will formally be released in the fall, is available now in public beta. Apple’s latest operating system features what it is calling “Lockdown Mode,” which implements stricter security measures designed to prevent a Pegasus-style attack.

Pegasus spyware, a controversial tool of Israel-based company NSO Group, has been linked to several high-profile individuals, including murdered Washington Post journalist Jamal Khashoggi, over the last few years. Lockdown Mode is designed to combat the exfiltration and monitoring of sensitive data flowing to and from Apple products by Pegasus and other similar spyware tools. Last year, the U.S. Government issued a trade ban against NSO Group, in part for supplying Pegasus to authoritarian governments around the world.

While the number of individuals targeted by Pegasus to date has been relatively small, it has included “members of the European Parliament, Catalan presidents, legislators, jurists,” according to Citizen Lab. Meanwhile, Forbidden Stories, a group of media organizations fighting to protect journalists across the globe, uncovered a list of more than 50,000 individuals, including 10 prime ministers, three presidents, and one king, that have been targeted for future Pegasus attacks. In September 2020, Apple released software that warned individuals if they had been compromised by the Pegasus tool.

According to Apple, the new Lockdown Mode provides “extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security.” While the feature goes a long way in securing the iPhone, it also limits functions that users may have come to expect with their Apple devices. Individual users will need to weigh their need for stricter security measures against the loss of some functionality on their Apple devices.

Fortalice Recommendation

Chris Furtick, Director of Incident Response and Security Engineering at Fortalice, recommends users who fall into one or more of the following categories take advantage of the new security features:

●     Political figures and candidates;

●     Reporters who deal with sensitive topics;

●     Anyone with a “target” on their back from a country, a group, or an individual;

●     Children who receive phones or iPads at a young age; and

●     Individuals, including the elderly, who may need extra built-in safety features for peace of mind.

Furtick lauded the intent of the new Lockdown Mode, saying, “it does its best to prevent the threat of danger caused from human error.” But, he added, it is also important “to find that middle ground between accessibility and security” appropriate for each individual user. While some users may require all the security features of the new tool, he explained, others might only need some of the individual features. Even then, Furtick explained, there may be a case where a user leverages all the security features on one phone (e.g., work phone) but declines the tool on another device (e.g., personal cell).

Additional Information

Pegasus 101

●      Pegasus can be remotely installed onto a device without the target needing to open a link.

●      The spyware enables the nefarious actor to search through all items on a target’s device, including texts, photos, and emails.

●      The attacker can also secretly activate the mic and camera on a target’s phone.

Lockdown Mode (iOS 16) Limitations

Users who decide to activate Lockdown Mode will find that:

●      Message attachments (except for images) have been disabled;

●      Web technologies are disabled unless the user specifically excludes them from the Lockdown Mode list;

●      Incoming calls (including FaceTime calls) are blocked if the caller is not currently a contact;

●      No access to current or future shared photo albums;

●      Wired connections between the phone and computers are blocked; and

●      Devices cannot enroll in mobile device management.

How to Activate and Configure Lockdown Mode

●      Users must be running iOS 16 on their Apple devices.

○      Settings > Privacy & Security > Lockdown Mode, tap “Turn on Lockdown Mode,” and then tap “Turn On & Restart.”

●     Users can configure the tool to exclude websites from the limitations of Lockdown Mode:

○     AA > Website Settings, toggle off Lockdown Mode and tap “Turn Off.”

○     To view excluded websites:

■     Settings > Privacy & Security > Lockdown Mode and tap on “Configure Web Browsing” at the bottom of the page.