The iPhone Should Become More Secure – At The Expense Of User-Friendliness

Apple announces a new security feature designed to protect against sophisticated espionage attacks. This can be helpful, but it shows the dilemma of IT security.

Apple is rolling out a new security feature called "Lockdown Mode" this fall, which is intended to protect particularly vulnerable users from sophisticated espionage attacks. The group announced this on Tuesday in a background discussion with journalists. The new features come with the iOS 16, iPad OS 16, and macOS Ventura updates.

The new mode, which deactivates some central functions of the devices, is a reaction to the increased and targeted espionage attacks on civil rights activists, most of which probably come from the state. One of the reasons for Apple to introduce the innovation are the activities of the Israeli NSO Group, whose spy tools like Pegasus also attacked iPhones, according to an investigation by Amnesty Tech and the Canadian Citizen Lab . This also attracted attention because iPhones are considered by many to be better secured than Android devices. 

Sony Jumps Into
PC Gamer Accessory Market

In autumn 2021, a consortium of journalists, together with non-governmental organizations, showed how widespread the group’s espionage tools are around the world and how they were used by many authoritarian regimes to persecute their opponents. Such espionage can have deadly consequences for those affected. This is shown, among other things, by the murder of the Saudi Arabian journalist and correspondent for the Washington Post, Jamal Khashoggi, in the Saudi consulate in Istanbul in October 2018. His environment was demonstrably monitored with Pegasus.

Only very few users are exposed to the risk of such an attack, Apple emphasized in the background discussion - and they should now get a feature specially tailored to them. The mode deactivates the central gateways of previous sophisticated attacks: Message attachments (SMS, MMS and iMessages) are blocked except for images and the automatic link preview is deactivated. Among other things, those who activate the lockdown mode can no longer receive Facetime calls – except from contacts they have already called themselves.

The Latest From Spotify
To Create Your Own Bands

Certain web technologies are also disabled unless the user excludes a trusted website from lockdown mode. It also blocks connections to a computer or accessory. The device can't enroll in mobile device management (MDM), which organizations use to remotely manage devices. Also, no configuration profiles can be installed. With configuration profiles, users can specify settings, for example, to use their iPhone in networks and for accounts of companies or educational institutions. With the release of the new versions of the operating systems, all users worldwide can activate this new security feature from autumn.

Apple is also in the eternal dilemma

When it comes to protecting people from sophisticated cyber attacks, the idea of ​​Apple's lockdown mode is obvious and its implementation is certainly helpful - because it also protects vulnerable Apple users from attacks. At the same time, however, it also shows the eternal dilemma of IT security between user-friendliness and security: Time and again it has been shown that precisely those features that make interaction with technology pleasant and thus accommodate the convenience of the user often leave gaps for attacks. An everyday example is the link preview, with which one can see at a glance what is behind a link. 

Do You Know What We Have Posted on

twitter facebook instagram tumblr

This is practical, but malicious software can be loaded onto the smartphone in the background – this is how Pegasus got onto the devices of some victims. Another example is a straightforward login process without strong two-factor authentication, where you have to register with a password and, for example, an additional SMS. Apple has been doing a lot for some time to protect users' privacy without noticeably restricting the usability of its services. But the lockdown mode shows that this approach also seems to be reaching its limits.

Many people, like companies, find it difficult to assess digital dangers and protect themselves adequately. In the case of Pegasus, the NSO group's spy software, this was not even possible for many of those affected: some of the attacks were carried out using so-called zero-click attacks, which did not require user interaction to install the malware on the device – it came to the device via a link preview and attachments to messages. It is therefore obvious to deactivate or at least restrict the corresponding functions in order to protect users technically: It relieves those affected of having to delve deep into technical details to find out which behavior is potentially dangerous - and there is give them the opportunity to use a smartphone despite the many possibilities of digital attacks. Until now, anyone who wanted to be on the safe side could opt for a non-smart mobile phone or try, with a great deal of effort, to remain anonymous with their devices and contact details.

YouTube Will Force Channels
 To Show Their Number Of Subscribers

At the same time, an iPhone in lockdown mode is of course much less pleasant to use because many of the usual functions are switched off. This is probably why Apple never tires of emphasizing in the background discussion that only very few users really need the function. There seems to be a concern that too many people turn on lockdown mode and are then disappointed with the limited usability of their iPhone.

According to the screenshots presented by Apple, anyone who wants to activate the mode will be warned with two consecutive messages that this is an "extreme, optional protection" that should only be used if the user believes they are personally the target of a sophisticated attack be. "Most people are never attacked in this way," says one of the info texts that users see.

Made a mode out of necessity

The fact that users have to restrict themselves and the functionality of their devices can only be an emergency solution: Apple in particular with its iPhone has always placed a great deal of focus on usability in the past, i.e. on making the devices as intuitive and convenient to use as possible. Restricting usability now is visibly hurting the company - at least that's how you can understand that he's almost begging that only a few should use the new mode. But it is effective: Apple states that all known sophisticated attacks would not have been possible in lockdown mode.

A New World Order Is Emerging

Of course, there is no absolute security – the mode only makes it much more complex and expensive for attackers. However, one is of course aware that the attackers will continue to develop and look for new gaps, says Apple. In fact, the company can use measures such as the lockdown mode to combat the symptom, but not the root of the problem. Because the market with spy software continues to flourish.

The NSO group itself has had massive financial problems since the publications, says Ron Deibert, founder and director of the Canadian research institution Citizen Lab, which was the first to discover and discuss Pegasus, "but it is just one company in a very large industry". It is therefore important to continue working intensively on the topic and to uncover the corresponding activities of state and private actors.

Apple is also making a financial contribution at this point: in parallel with its new security feature, the company is also promoting the work of initiatives such as the Citizen Lab. Damage payments that the company expects from the lawsuit against the NSO group are to be donated, and Apple also wants to make a further ten million dollars available. These are to be distributed to projects worldwide via the Ford Foundation. This is intended to support organizations that investigate, detect and prevent sophisticated targeted cyber attacks.

At the same time, Apple is expanding its bug bounty program. With these programs, which other companies also offer, security researchers receive money if they find vulnerabilities in software. In the future, Apple will reward security researchers with up to two million dollars if they find gaps through which attackers can penetrate an iPhone despite the lockdown mode and share this information with the Cupertino company in a confidential process. According to the company, Apple has thus doubled the previous maximum amount – it is also the highest amount that the industry pays out for corresponding programs.

The fact that Apple has paid for the security of its software at this point is good news for its users. But it also shows how valuable the marketing promise of the safest smartphone in the world is for Apple.

Johnson Fires Minister,
Attorney General Calls For Resignation
Rafa Nadal leaves in the air if he will play the semifinal:
"It is not easy to withdraw from the Wimbledon center court"

Post a Comment