Does Lockdown mode equal security?
Recently Apple announced its new ‘Lockdown Mode’. It’s aimed at protecting users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware.
The most significant recent case of such an attack was highlighted by Guardian research from 2021. The report suggests that over 30,000 human rights activists, journalists and lawyers across the world may have been targeted using a hacking software known as Pegasus, created by the NSO Group.
Here, Victor Chebyshev, Lead Security Researcher at Kaspersky, considers if Apple’s new secure mode will be an effective defense against programs such as Pegasus? And he discusses what else can people do to mitigate the risks of being infected by target attacks.
Is Lockdown Mode safe?
Lockdown Mode is made up of an extremely useful set of functions, and it is relevant to all internet users, not just high-ranking officials, activists or journalists. This setting is also helpful to anyone who suspects that they are being digitally followed.
However, people should not be under the illusion that their device will be completely secure after activating Lockdown Mode. Although it is important to acknowledge it will become more difficult to attack such a gadget. As a result, the prices for zero-day vulnerabilities for the iOS platform will increase.
Nonetheless, as long as a device is in working condition, it is possible for it to be tracked without the need for expensive spyware like NSO Group’s Pegasus. Basic surveillance can be carried out at the base station of a cellular operator, for example. Or using other equipment that a potential target owns, such as an AirTag or AirPods, connected through the FindMy ecosystem. Through this system, attackers can also access device data, including photos.
How can people protect themselves?
To completely protect themselves, people should turn off their devices and place it in a Faraday cage. In such a situation, it is obviously impossible to use the gadget, but any other mode is still a compromise between security and everyday functions. Yes, hacking is more difficult with such modes, but it cannot be ruled out entirely.
It should be remembered that threats such as Pegasus are often primarily focused on recording conversations with the victim, including communications in instant messengers. It is likely that with Lockdown Mode enabled, a device will be less likely to be infected by Pegasus. As a result, the attack vector will shift from the end device towards the corresponding infrastructure: messenger servers or the personnel servicing them.
To mitigate the risks of being infected by programs like Pegasus, Kaspersky recommends that users:
- Reboot the device daily – Regular reboots of the device can be effective against attacks, relying on zero-click zero-days with no persistence (like Pegasus). If a person resets their gadget daily, the intruder will have to repeatedly re-infect it.
- Turn off iMessage – The messaging app is a built-in service in iOS and is enabled by default, which is the best delivery mechanism for zero-click chains. That makes this messenger pretty attractive to intruders.
- Don’t click on links received in messages – Sometimes, zero-click zero-day chains can be delivered through a message, such as SMS, email or messenger app. The safest option to open links from interesting messages is to use a desktop computer, preferably using the TOR Browser, or better yet using a secure non-persistent OS such as Tails.
- Use a VPN to cover traffic – Some exploits are delivered via MitM’s GSM attacks while browsing HTTP sites, or hijacking DNS. Using a reliable VPN solution to mask someone’s traffic makes it harder for a GSM carrier to target them directly over the internet. It also complicates the targeting process if attackers control people’s data flow, for example while roaming.
Read other helpful tips in the Kaspersky blog ‘Staying safe from Pegasus, Chrysaor and other APT mobile malware’ via this link.
