Let’s just get things out of the way. There is no such thing as a secure, hundred-percent hack-proof network device. At least, not yet. However, that did not stop Apple from testing this theory most recently. The tech giant announced a specialized additional protection layer for its customers who are worried about cyberattacks.
Particularly customers who are worried about state-sponsored cyberattack software such as Pegasus. Apple calls it Lockdown Mode. In short, it is an added layer of protection that turns off possible points of invasion, but it seriously limits the device’s usability.
Let’s see where the supposed future of total digital security is faring.
What is Lockdown Mode?
Lockdown Mode is a feature on the newest iPhones that will be released this fall with the new iOS 16, iPadOS 16, and macOS Ventura. According to Apple, Lockdown Mode is an extreme, optional security layer for specific users whose digital privacy needs extra protection.
Apple itself cited the NSO Group, which developed Pegasus, as an example. The company mentioned that these users could feel threatened because of the work they do or the kind of life they lead, which will cause them to be targeted by state-sponsored spyware.
Think, journalists, and political and human rights workers that have been targets of state-sponsored attacks and violence across the world.
The feature is essentially a more simplified operating system and needs to be turned onmanually from the phone’s settings. Once selected, a reboot initiates the device in Lockdown Mode.
But this added simplicity comes at a cost, namely, convenience and performance. Navigating webpages with Lockdown Mode turned on feels drastically slower and janky as per initial hands-on reviews on the feature.
Preemptive compilation of webpages with the help of Just In Time JavaScript is turned off in Lockdown Mode, making webpages load much slower. However, this exception can be manually deselected for trusted websites.
Certain Apple services will be restricted too such as incoming invites and service requests for FaceTime calls unless the receiver initiated the call or sends a request. Messages will block link previews and will block all attached files with the exclusion of a few image formats.
Security at the Cost of Convenience
The result of turning on the new security layer is that your device will be more secure but it will seriously limit its functionality. While compromises are a part of life, trading usability in favor of security is the current play by Apple.
But is it worth it, if your susceptibility to getting hacked significantly lowers by sacrificing comfort and features? For the select few the feature is targeted towards, it’s a positive move. For others, Apple’s implementation may rub them the wrong way.
The human brain is conditioned to receive rewards. We’d happily trade security if it mean being a lot more comfortable. Apple may have completely overlooked this basic psychological principle, favoring security over usability.
The Cupertino company isn’t removing extra features that no one cares about, either. They are removing features that users care most about. Messages will become extremely limited. Nomore FaceTime calls either and a tedious web browsing experience to boot. Even simple wired data transfer will be impossible when the new tool is turned on.
The most used features are indeed the most commonly targeted, so something like cell phone tracking with live updates won’t be as easy as before. Lockdown Mode, it feels, takes smartphones back to their infancy.
Take a look at passwords, for example. We frequently use easy passwords because they are easy to remember. We even tell our browsers to remember passwords that can be read by anyone. Most of us also use Facebook Login on websites where we don’t feel like creating a new account. But we conveniently overlook how big of a security threat signup via Facebook Login is.
What Spurred Apple to Take this Decision?
Before the Internet was invented, PCs and mainframes were isolated workstations, making lives easier by minimizing the repetitive, manual operations that were the norm back then. The only problem was running and making space for them.
Now even our toasters and refrigerators are connected to the Internet. And the more connected we get, the more susceptible we become to various threats lurking on the web. Even a simple Google search of “cute kittens” is equivalent to opening Pandora’s Box.
The phrase “attack surface” is used by security experts to characterize the number of possible places at which an unauthorized user can gain access to a system, retrieve data, and cause damage. It is easier to defend a smaller platform as it has fewer vulnerabilities. Unfortunately, the converse is also true. We are generating an attack surface of near-infinite dimensions in our race to make the Internet of Things the next big thing.
And the commercial availability of spy software that is capable of cell phone tracking with live updates has made every average Joe a walking, talking specimen of the “Hackerman” meme but with actual hacking and serious consequences attached to them.
Pegasus is the ultimate example of this and is responsible for the reputation spyware has today. The iMessage zero-click exploit was detected on iOS versions before 14.8. Cybercriminals were able to install the Pegasus spyware on consumers’ smartphones until Apple fixed the vulnerability in iOS 14.8.
Pegasus targeted iPhones belonging to journalists, lawyers, political activists, and opposition leaders in developing countries, where cybersecurity laws are practically nonexistent. And the software would essentially be bought by the most powerful dictatorships to silence their critics.
Another lighter edition (if you may call it) of such software is available to the general public in the form of remote monitoring apps. These monitoring apps continuously provide real-time information about the monitored device to the users. These apps are legitimate software developed to help track the activity of individuals, but with consent. They have been around ever since smartphones existed but are only recently getting mainstream attention.
Apple recently reported on a pair of zero-day vulnerabilities where one affected the iOS kernel, while the other impacted WebKit, but both grant attackers complete control of the impacted devices. The company has previously acknowledged similar extreme vulnerabilities and was aware of reports that such security holes had been exploited.
What can Apple do to Make Things Better?
Apple has hampered its growth by making it tough to explore and personalize the iPhone environment. However, users cannot blame Apple solely because most cell phone spying malware and spyware apps for iPhones do not break into the phone’s operating system but instead employ a backdoor from the iCloud account.
Even Apple’s employees were afraid of the tech giant acting as Big Brother and spying on them. So, Apple bandaging its wounds is an ironic sight.
Without sounding too harsh on Apple’s implementation, one must remember that Lockdown Mode is in its first iteration, with plans to improve and add more security capabilities in the future. It will continue to strengthen the system while minimizing the sacrifices users have to make.
Apple has also added a new category to its Apple Security Bounty program to reward researchers who discover Lockdown Mode bypasses and assist in improving the program’s security. Bounties are doubled in Lockdown Mode, up to a maximum of $2,000,000 – the industry’s largest maximum bounty payment.
Using AI to Improve Cybersecurity
One of the most significant benefits of AI systems is that they allow humans to be more efficient. AI can be used to speed up the completion of simple, repetitive tasks, or it can be used to execute much larger, more complicated jobs. AI systems, regardless of their application, are not constrained by human limits and will never become weary.
Even networks designed through artificial intelligence and machine learning can have flaws due to their functioning on the wrong input parameters, some unnoticed bugs left in their coding, or the dataset fed to them being flawed. Perhaps a truly secure modern infrastructure is set to exist in science fiction only.
As for Apple’s admittedly imperfect start, it is an initiative that many haven’t yet dared to take. And as technology evolves, Lockdown Mode could become essential in keeping out popular and widespread spyware, and may just be what the circumstances demand. We’ll be waiting for future versions as iOS 16 rolls out later this month.