cyber security – Michmutters

How to Use Lockdown Mode in iOS 16 to Make Your Phone More Secure

Apple prides itself on the security measures built into its software and hardware—and it continues to add new protections and safeguards over time. Lockdown Mode is a new feature heading to iPhones, iPads, and Macs later this year, and it promises to protect your devices from “highly targeted cyberattacks.”

As you might surmise from the name, Lockdown Mode is a bit like closing the shutters, double-bolting the doors, and turning off all the lights in your home. It severely restricts the kinds of activity allowed on your devices, the logic being that if something unwanted has gained access, the damage will be limited.

For example, attachments other than images get turned off in Messages, and link previews are disabled. Incoming FaceTime calls from unknown numbers are blocked, as are wired connections with other hardware and accessories. Shared albums are removed from the Photos app, and new shared album invitations are blocked.

On a more technical level, a number of web technologies are turned off, including just-in-time (JIT) JavaScript compilation (where code is run and compiled at the same time). In addition, configuration profiles (for work or school, for example) can’t be installed.

Lockdown Mode will be arriving on iPhones with iOS 16.


Lockdown Mode is disabled by default but can be enabled on an iPhone by going to Settings, then Privacy and Security, then Lockdown Mode. Turning it on or off requires a system reboot and the device’s PIN. While Apple is describing the feature as something for users at risk from “state-sponsored mercenary spyware”—which sounds like high-profile targets—anyone will be able to switch it on for additional protection.

“Lockdown Mode is an extreme, optional protection that should only be used if you believe you may be personally targeted by a highly sophisticated cyberattack,” is the way that Apple puts it in its support documentation. “Most people are never targeted by attacks of this nature.”

As Apple explains, the overall idea is to reduce the attack surface that malware and spyware have access to. Tools including the Pegasus spyware package developed by the NSO Group have the potential to read texts, track calls, collect passwords, monitor a user’s location, and more—and some require no interaction from the user.

With Pegasus, for example, a WhatsApp call to the target device is all it takes for the spyware to start its work, even if the call isn’t answered. It’s worth noting that this particular piece of spyware is blocked from running on devices with iOS 15 or higher installed, but there are plenty of other threats still out there, and plenty more that will be developed in the future.


Cybercrime is evolving — here’s how a cybersecurity expert recommends you keep safe

Paul Haskell-Dowland has been in the cybersecurity education and research domain for two decades — and he is on a mission to teach the rest of us how to stay safe online.

It’s a significant job for the Professor of Cyber Security Practice at Edith Cowan University.

The cost of cybercrime in Australia is incredibly high, although the figure is likely even greater than the reported data suggests.

Cybercriminals operate in very sophisticated environments. (Supplied: Paul Haskell-Dowland)

“It was estimated [a couple of years ago] that the global cost of cybercrime … was going to hit the $1 trillion mark, and I believe it has passed that,” he said.

“It’s very hard to get an accurate indication of these figures, because so much of the cybercrime goes unreported.”

Professor Haskell-Dowland, who is also Associate Dean for Computing and Security, said for many people, their only insight into the world of cybercrime was what was portrayed in the media in movies like Hackers, and even the Die Hard franchise.

“If we go back a few years and think about the Hollywood impression of cybersecurity, it was criminals in darkened rooms, sitting behind a keyboard, usually with a hoodie and tapping away at a computer and hacking into systems,” he said.

“We’ve had that glamorized view of cybercrime or cybersecurity for many, many years.”

Criminals increasingly sophisticated

Professor Haskell-Dowland said this portrayal was not entirely accurate and, in reality, cyber threats come from far more organized operations, which are “incredibly well-resourced”.

“This is a global network of cybercriminals, engaging in very significant levels of crime,” he said.

“We’ve seen cybercriminal groups who are incredibly well organised, are reporting profits of hundreds of millions of dollars … so they’re competing with large multinational corporations.”

With this high level of sophistication, individuals were becoming increasingly susceptible to attacks.

Cybercrime is estimated to be a trillion-dollar industry. (Supplied: Paul Haskell-Dowland)

“It’s not just targeting one person, it could be targeting 100,000 people in just a click of a mouse, or a few key presses,” Professor Haskell-Dowland said.

He said there was an array of ways individuals could be compromised by this kind of activity.

“Sometimes it’s things like scams, but we also hear about things like ransomware, where people’s computers are taken over and their data or files are stolen or encrypted in a way that prevents them from accessing them, and then being forced to pay fines to recover that data,” he said.

“For the past few years, identity theft has been something that has raised alarm bells and people often see things like card-skimming being a bit of an issue.”

How to protect yourself

Professor Haskell-Dowland said there were several relatively simple ways individuals could protect themselves against cybercriminals.

He said the first involved looking at the “boring subject” of their password practices, which he said was of paramount importance.

Professor Haskell-Dowland says you should never use the same password for multiple accounts. (Supplied: Paul Haskell-Dowland)

“People find a password that meets the criteria, and then they reuse them on multiple systems, and that would be fine if all of the systems that they used were secure, and were never compromised,” he said.

“Unfortunately, all it takes is for the weakest one of those systems to be compromised and that one password that you thought was secure, is now in the public domain, it’s publicly available.”

Professor Haskell-Dowland, who personally has more than 500 passwords, recommends that passwords are not only unique to each site, but are also stored safely and securely.

“I use a password manager to make sure that they’re all stored safely,” he said.

“Even having a notepad of all of those passwords and keeping that locked away in a drawer at home is still better than having the same password on every single system.”

Professor Haskell-Dowland also suggested updating all systems and backing up data.

“Always apply updates to … every device that you’re using, including your mobile phone … to make sure that the cybercriminals don’t have an easy foothold into your system,” he said.

“Making sure that you have a copy of all of the important data … so that in the event that you get an attack, maybe you get some malicious software on a computer, you don’t lose everything.”

Targets go beyond the individual

Professor Haskell-Dowland said it was not only individuals who were susceptible to cybercrime. It also had the potential to be used as a hugely disruptive warfare strategy.

“We could be talking about the systems that control electricity, the systems that control water,” he said.

“The things that we utterly depend upon, for our day-to-day life… are often computer controlled.

“If you’re an adversary and you’re wanting to target a country, then it is much easier to attack infrastructure via digital means than it is to launch, for example, a missile to try and target a power station.”

Professor Haskell-Dowland says, unfortunately, many people still write down their passwords and leave them in obvious places. (Supplied: Paul Haskell-Dowland)

But despite the huge risks that cybercrime poses, Professor Haskell-Dowland said we should not “get too carried away with panic.”

“The issues in cybercrime are significant, and they are growing, but so is the defensive side — there’s an enormous amount of time, effort and money being spent on defending the nation and defending the individual,” he said.

“The reality is most cybercriminals are still very lazy in their perspective and they will go for the easiest targets, so simply making yourself that little bit more difficult to be a victim means that they’ll simply move on to easier and easier targets.”
