{"id":19539,"date":"2022-07-07T06:30:07","date_gmt":"2022-07-07T14:30:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/07\/07\/news-13272\/"},"modified":"2022-07-07T06:30:07","modified_gmt":"2022-07-07T14:30:07","slug":"news-13272","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/07\/07\/news-13272\/","title":{"rendered":"Apple slaps hard against \u2018mercenary\u2019 surveillance-as-a-service industry"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/07\/06\/19\/apple-lockdown-mode-100929882-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Thu, 07 Jul 2022 06:17:00 -0700<\/strong><\/p>\n<p>Apple has struck a big blow against the mercenary <a href=\"https:\/\/www.computerworld.com\/article\/3649208\/second-israeli-firm-accused-of-undermining-iphones-like-nso-group.html\">\u201csurveillance-as-a-service\u201d<\/a> industry, introducing a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.<\/p>\n<p>Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes <a href=\"https:\/\/www.computerworld.com\/article\/3665050\/italian-spyware-firm-is-hacking-into-ios-and-android-devices-google-says.html\">abused by state-sponsored surveillance hackers<\/a>. Apple describes this protection as \u201csharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.\u201d<\/p>\n<p>In recent years, a series of targeted spyware attacks against journalists, activists, and others have been exposed. 
Spyware including Pegasus, DevilsTongue, Predator, and Hermit, and vendors such as NSO Group, have undermined trust in digital devices and exposed the risk posed by semi-private entities and <a href=\"https:\/\/www.lawfareblog.com\/effects-digital-transnational-repression-and-responsibility-host-states\" rel=\"nofollow noopener\" target=\"_blank\">the threat they present to civil society<\/a>. Apple has made no secret that it is opposed to such practices, <a href=\"https:\/\/www.computerworld.com\/article\/3641261\/apple-pulls-no-punches-in-lawsuit-against-amoral-nso-group.html\">filing suit<\/a> against the NSO Group in November 2021 and promising to fight them wherever it can.<\/p>\n<p>\u201cApple\u2019s newly released Lockdown Mode will reduce the attack surface, increase costs for spyware firms, and thus make it much harder for repressive governments to hack high-risk users,\u201d said John Scott-Railton, senior researcher at the\u00a0<a href=\"https:\/\/citizenlab.ca\/\" rel=\"nofollow noopener\" target=\"_blank\">Citizen Lab<\/a> at the University of Toronto&#8217;s Munk School of Global Affairs and Public Policy.<\/p>\n<p>\u201cWe congratulate [Apple] for providing protection to human rights defenders, heads of state, lawyers, activists, journalists, and more,\u201d <a href=\"https:\/\/twitter.com\/EFF\/status\/1544741006905487360?s=20&amp;t=XjtvbZzEzwq2oNuBkHIPKw\" rel=\"noopener nofollow\" target=\"_blank\">tweeted<\/a> the EFF, a privacy advocacy group.<\/p>\n<p>At present, Apple says Lockdown Mode provides the following protections:<\/p>\n<p>Ivan Krsti\u0107, Apple\u2019s head of Security Engineering and Architecture, notes that Lockdown Mode can be applied to devices that are already enrolled in an MDM service. 
\u201cPre-existing MDM enrollment is preserved when you enable Lockdown Mode,\u201d he <a href=\"https:\/\/twitter.com\/radian\/status\/1544759049157152768?s=20&amp;t=fqC4YIwpirKKuAzBqkTQhw\" rel=\"nofollow noopener\" target=\"_blank\">tweeted<\/a>.<\/p>\n<p>The company says it intends to extend the protection provided by Lockdown Mode over time and has invested millions in security research to help identify weaknesses and increase the integrity of this protection.<\/p>\n<p>Turning on Lockdown Mode.<\/p>\n<p>These attacks don\u2019t come cheap, which means most people are unlikely to be targeted in this way. Apple began sending threat notifications to potential victims of Pegasus soon after that spyware was exposed and says the number of people targeted in such campaigns is relatively small.<\/p>\n<p>All the same, the scale is international, and the company has warned people in around 150 nations since November 2021. A <a href=\"https:\/\/www.bbc.co.uk\/news\/technology-62069255\" rel=\"nofollow noopener\" target=\"_blank\">BBC report<\/a> confirms hundreds of targets and tens of thousands of phone numbers leaked as a result of NSO\u2019s Pegasus alone. <a href=\"https:\/\/www.applemust.com\/abusive-nso-group-hits-9-u-s-state-department-employees\/\" rel=\"nofollow noopener\" target=\"_blank\">Victims have included<\/a> journalists, politicians, civil society advocates, activists, and diplomats, so while the numbers are small, the chilling impact of such surveillance is vast.<\/p>\n<p>I believe that such technologies will become cheaper and <a href=\"https:\/\/www.applemust.com\/abusive-nso-group-hits-9-u-s-state-department-employees\/\" rel=\"nofollow noopener\" target=\"_blank\">more available over time<\/a>, so it\u2019s <a href=\"https:\/\/www.computerworld.com\/article\/3643970\/designer-smartphone-hacks-will-trickle-down-in-2022.html\">only a matter of time before they leak into wider use<\/a>. 
Ultimately the very existence of such attacks \u2014 <a href=\"https:\/\/www.computerworld.com\/article\/3625871\/iphone-spyware-its-a-dirty-job-but-nsos-gonna-do-it.html\">state-sponsored or not<\/a> \u2014 makes the entire world less safe, not safer.<\/p>\n<p>\u201cThere is now undeniable evidence from the research of the Citizen Lab and other organizations that the mercenary surveillance industry is facilitating the spread of authoritarian practices and massive human rights abuses worldwide,\u201d said Citizen Lab Director <a href=\"https:\/\/deibert.citizenlab.ca\/bio\/\" rel=\"nofollow noopener\" target=\"_blank\">Ron Deibert<\/a> in <a href=\"https:\/\/www.apple.com\/newsroom\/2022\/07\/apple-expands-commitment-to-protect-users-from-mercenary-spyware\/\" rel=\"noopener nofollow\" target=\"_blank\">a statement<\/a>. Deibert <a href=\"https:\/\/www.cnet.com\/tech\/mobile\/apple-announces-new-lockdown-mode-for-iphone-to-fight-hacking\/\" rel=\"noopener nofollow\" target=\"_blank\">told CNET<\/a> he thinks Lockdown Mode will deal a &#8220;major blow&#8221; to spyware companies and the governments that use their products.<\/p>\n<p>\u201cWhile the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,\u201d said Apple&#8217;s Krsti\u0107 in <a href=\"https:\/\/www.apple.com\/newsroom\/2022\/07\/apple-expands-commitment-to-protect-users-from-mercenary-spyware\/\" rel=\"noopener nofollow\" target=\"_blank\">a statement<\/a>. \u201cThat includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.\u201d<\/p>\n<p>There\u2019s little doubt Microsoft and Google will also move to provide similar protection to users. 
Google and Meta already offer tools to secure the accounts of those who are at an \u201celevated risk of targeted online attacks,\u201d but these tools protect accounts rather than hardening the device itself, and so don\u2019t go nearly as far as Lockdown Mode.<\/p>\n<p>Apple already makes <a href=\"https:\/\/developer.apple.com\/security-bounty\/\" rel=\"nofollow noopener\" target=\"_blank\">vast investments in security<\/a>. For example, the company is working with others in the industry to support password-free authentication, has <a href=\"https:\/\/www.computerworld.com\/article\/3645848\/how-apples-icloud-private-relay-supports-enterprise-vpn.html\">built tools to mask IP addresses<\/a> and <a href=\"https:\/\/www.computerworld.com\/article\/3656803\/apple-has-good-privacy-arguments-but-critics-arent-listening.html\">continues to focus on user privacy<\/a>.<\/p>\n<p>The company will introduce a <a href=\"https:\/\/www.applemust.com\/wwdc-what-is-rapid-security-response-and-how-to-enable-it\/\" rel=\"nofollow noopener\" target=\"_blank\">Rapid Security Response<\/a> feature for its devices this fall, which will make it possible to ship security fixes between full OS updates rather than waiting for the next point release. Apple is even investing in <a href=\"https:\/\/jobs.apple.com\/en-us\/details\/200310662\/security-tools-compiler-engineer?team=SFTWR\" rel=\"nofollow noopener\" target=\"_blank\">improving the security of programming languages<\/a>, further shrinking the attack surface available to exploit developers.<\/p>\n<p>The company has now announced further investment in the security community:<\/p>\n<p>The fund will make its first grants later this year, focusing initially on initiatives to expose the use of mercenary spyware. In the press release announcing the initiative, Apple tells us these grants will focus on:<\/p>\n<p>The fund\u2019s grant-making strategy will be advised by a global Technical Advisory Committee. 
Initial members include <a href=\"https:\/\/www.accessnow.org\/profile\/daniel\/\" rel=\"nofollow noopener\" target=\"_blank\">Daniel Bedoya Arroyo<\/a>, digital security service platform analyst at <a href=\"https:\/\/www.accessnow.org\/help\/\" rel=\"nofollow noopener\" target=\"_blank\" data-analytics-exit-link=\"\">Access Now<\/a>; Citizen Lab Director <a href=\"https:\/\/deibert.citizenlab.ca\/bio\/\" rel=\"nofollow noopener\" target=\"_blank\">Ron Deibert<\/a>; <a href=\"https:\/\/www.theengineroom.org\/people\/paola-mosso\/\" rel=\"nofollow noopener\" target=\"_blank\">Paola Mosso<\/a>, co-deputy director of <a href=\"https:\/\/www.theengineroom.org\/\" rel=\"nofollow noopener\" target=\"_blank\" data-analytics-exit-link=\"\">The Engine Room<\/a>; <a href=\"https:\/\/interview-her.com\/speaker\/rasha-abdul-rahim\/\" rel=\"nofollow noopener\" target=\"_blank\">Rasha Abdul Rahim<\/a>, director of <a href=\"https:\/\/www.amnesty.org\/en\/tech\/\" rel=\"nofollow noopener\" target=\"_blank\" data-analytics-exit-link=\"\">Amnesty Tech<\/a> at Amnesty International; and Apple&#8217;s Krsti\u0107.<\/p>\n<p>Ford Foundation Tech and Society Program director Lori McGlinchey said:<\/p>\n<p>\u201cThe global spyware trade targets human rights defenders, journalists, and dissidents; it facilitates violence, reinforces authoritarianism, and supports political repression. The Ford Foundation is proud to support this extraordinary initiative to bolster civil society research and advocacy to resist mercenary spyware. We must build on Apple\u2019s commitment, and we invite companies and donors to join the Dignity and Justice Fund and bring additional resources to this collective fight.\u201d<\/p>\n<p>Following revelations about NSO Group last year, Apple\u00a0<a href=\"https:\/\/support.apple.com\/en-us\/HT212960\" rel=\"nofollow noopener\" target=\"_blank\">published a set of recommendations<\/a>\u00a0to help users mitigate against such risks. 
These guidelines do not come close to the robust protection you can expect from Lockdown Mode, but they are sound practice for anyone to follow:<\/p>\n<p>Furthermore, Amnesty Tech is <a href=\"https:\/\/www.amnesty.org\/en\/petition\/targeted-surveillance-human-rights-defenders\/\" rel=\"nofollow noopener\" target=\"_blank\">gathering signatures<\/a> to demand an end to this kind of targeted surveillance of human rights defenders. I\u2019d urge readers to add their signature <a href=\"https:\/\/www.computerworld.com\/article\/3665052\/the-surveillance-as-a-service-industry-needs-to-be-brought-to-heel.html\">to my own<\/a>.<\/p>\n<p><em>Please follow me on\u00a0<a href=\"https:\/\/twitter.com\/jonnyevans_cw\" rel=\"nofollow noopener\" target=\"_blank\">Twitter<\/a>, or join me in the\u00a0<a href=\"https:\/\/mewe.com\/join\/appleholics_bar_and_grill\" rel=\"nofollow noopener\" target=\"_blank\">AppleHolic\u2019s bar &amp; grill<\/a>\u00a0and\u00a0<a href=\"https:\/\/mewe.com\/join\/apple_discussions\" rel=\"nofollow noopener\" target=\"_blank\">Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3666688\/apple-slaps-hard-against-mercenary-surveillance-as-a-service-industry.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2022\/07\/06\/19\/apple-lockdown-mode-100929882-large.3x2.jpg?auto=webp&amp;quality=85,70\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Thu, 07 Jul 2022 06:17:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Apple has struck a big blow against the mercenary <a href=\"https:\/\/www.computerworld.com\/article\/3649208\/second-israeli-firm-accused-of-undermining-iphones-like-nso-group.html\">\u201csurveillance-as-a-service\u201d<\/a> industry, introducing 
a new, highly secure Lockdown Mode to protect individuals at the greatest risk of targeted attacks. The company is also offering millions of dollars to support research to expose such threats.<\/p>\n<p>Starting in iOS 16, iPadOS 16 and macOS Ventura, and available now in the latest developer-only betas, Lockdown Mode hardens security defenses and limits the functionalities sometimes <a href=\"https:\/\/www.computerworld.com\/article\/3665050\/italian-spyware-firm-is-hacking-into-ios-and-android-devices-google-says.html\">abused by state-sponsored surveillance hackers<\/a>. Apple describes this protection as \u201csharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.\u201d<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3666688\/apple-slaps-hard-against-mercenary-surveillance-as-a-service-industry.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10480,10403,10554,5897,714,24580],"class_list":["post-19539","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-ios","tag-macos","tag-mobile","tag-privacy","tag-security","tag-small-and-medium-business"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/w
ww.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19539"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19539\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19539"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}