While system security loopholes should be patched with almost every update, both iOS and Android are heavily defended fortresses whose basic security measures aren’t that easy to crack. Exploits to fully penetrate the system are not available on every street corner – but there are some, because some companies specialize in selling such kits. Although it usually costs millions to break encryption, software manufacturers and specialized providers are still playing a game of cat and mouse. GrayKey, a small box that can unlock any iPhone up to iOS 11, is still well remembered. Other popular names are Cellebrite or the NSO Group with the Pegasus Trojan.
Lock mode: functions or features disabled
With iOS 16, Apple is introducing a very extensive security feature that aims to provide special protection. The target group is all those who risk having tools like Pegasus and Co. used against them. Apple cites journalists as examples, but regime opponents in despotic states or politicians can also defend themselves. However, this comes at a price, because since many practical functions are often associated with gateways for malware, blocking mode limits the variety of features. Specifically, the following measures will then come into force:
- Messages: Most types of message attachments except images are blocked. Some features, such as link previews, have been disabled.
- Web Browsing: Some complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless users disable blocking mode on a trusted website.
- Apple Services: Incoming invitations and service requests, including FaceTime calls, are blocked unless users have previously called or sent a request to the initiator.
- Wired connections to a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed and the device cannot be registered in mobile device management (MDM) when lock mode is enabled.
Further measures will follow – the fight even in court
However, Apple promises that there will be many further steps. The above points are just the beginning, additional mechanisms will follow. These should have in common that users give up comfort in favor of maximum security. By the way, anyone who finds security loopholes that subvert the lockdown mode can win up to two million dollars as part of the “Bug Bounty” program.
Apple has also taken the fight against surveillance software providers to another front. In the fall of 2021, the company filed a lawsuit against the NSO Group – the goal is to give a legal stop to the products. It is officially stated that Pegasus is intended exclusively for investigative authorities and cannot be purchased by normal users. However, it is well known that despotic states with serious human rights violations are among the important customers.