Apple has announced "Lockdown Mode" to protect iPhone, iPad and Macintosh customers from spyware -- including those from NSO Group. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura "further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware," Apple indicated.
Apple's battle against NSO Group certainly influenced Lockdown Mode's development, SC Media notes. But what are the potential technical and business implications for MSSPs and security-minded MSPs? Here are five things to know about Apple Lockdown Mode:
1. At launch, Apple says, Lockdown Mode includes the following protections:
- Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
- Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
- Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
- Wired connections with a computer or accessory are blocked when iPhone is locked.
- Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.
2. Additional Enhancements: Apple will continue to strengthen Lockdown Mode and add new protections to it over time -- though the company did not describe a cadence for such enhancements or what the forthcoming capabilities may involve.
3. Not for Everyone: Lockdown Mode offers "an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware," Apple said.
4. Apple Security Bounty Program: A new category within the Apple Security Bounty program is designed to "reward researchers who find Lockdown Mode bypasses and help improve its protections." Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2 million — the highest maximum bounty payout in the industry, the company asserted.
5. Apple Philanthropy: On the financial front, the company said it is:
- Making a $10 million grant, in addition to any damages awarded from the lawsuit filed against NSO Group, to support organizations that investigate, expose, and prevent highly targeted cyberattacks, including those created by private companies developing state-sponsored mercenary spyware.
- The grant will be made to the Dignity and Justice Fund established and advised by the Ford Foundation — a private foundation dedicated to advancing equity worldwide — and designed to pool philanthropic resources to advance social justice globally.
- The Dignity and Justice Fund is a fiscally sponsored project of the New Venture Fund, a 501(c)(3) public charity. The fund expects to make its first grants in late 2022 or early 2023, initially funding approaches to help expose mercenary spyware and protect potential targets.
Apple Lockdown Mode: Remote Monitoring for MSPs, MSSPs?
So, what exactly does Apple Lockdown Mode mean for MSPs and MSSPs? We're watching to see if or how RMM (remote monitoring and management) and MDM (mobile device management) software can integrate with Apple Lockdown mode -- perhaps to see and ensure mission-critical iPhones, iPads and Macs are truly locked down.
Apple acquired RMM software provider Fleetsmith in June 2020. RMM rivals include JamF as well as well as Addigy -- which was purpose-built for MSPs.
Apple did not announce RMM, MSP or MSSP implications in the initial Lockdown Mode disclosure. We're reaching out to our sources in the MSP software market for additional context. Stay tuned for potential updates.
