In a move aimed at dealing with the surge in state-sponsored mercenary spyware attacks targeting its flagship iOS platform, Apple announced 'Lockdown Mode', which it says significantly reduces the attack surface by adding technical barriers to minimise sophisticated software exploits.
But is it a silver bullet? According to Kaspersky, the answer is “no”.
Victor Chebyshev, lead security researcher at Kaspersky, said that on the one hand, Lockdown Mode is made up of an extremely useful set of functions, which can be helpful to all Internet users, not just high-ranking officials, activists, or journalists. It is also helpful to anyone who suspects that they are being digitally followed.
However, he cautions that users shouldn't assume that after activating Lockdown Mode their device will be 100% secure. It will, however, make it more difficult to attack devices in this mode, and as a result, the prices for zero-day vulnerabilities for the iOS platform will increase.
Nonetheless, Chebyshev says as long as a device is in working condition, it is possible for it to be tracked without the need for expensive spyware. “Basic surveillance can be carried out at the base station of a cellular operator, for example. Or using other equipment that a potential target owns, such as an AirTag or AirPods, connected through the FindMy ecosystem. Through this system, attackers can also access device data, including photos.”
A compromise remains
He says the only way for individuals to be guaranteed absolute protection would be to turn off their devices and place them in a Faraday cage, or an enclosure used to block electromagnetic fields. However, this is obviously neither practical nor possible, so they need to realise that any other mode is still a compromise between security and everyday functions.
Yes, with more secure modes, hacking is more difficult, but it cannot be ruled out entirely, he says.
It should be remembered that threats such as Pegasus are often primarily focused on recording conversations with the victim, including communications in instant messengers. It is likely that with Lockdown Mode enabled a device will be less likely to be infected by Pegasus. As a result, the attack vector will shift from the end device towards the corresponding infrastructure: messenger servers or the personnel servicing them.
To mitigate the risks of being infected by advanced spyware, Kaspersky recommends users reboot their devices daily, as regular reboots can be effective against attacks that rely on zero-click zero-days with no persistence. In this instance, if a user resets their gadget every day, the intruder will have to re-infect it over and over again.
The only way for individuals to guarantee absolute protection would be to turn off their devices and place them in a Faraday cage.
Victor Chebyshev, Kaspersky
Also, users can turn off iMessage, which is enabled by default in iOS, and which is the best delivery mechanism for zero-click chains and therefore pretty attractive to intruders, the security giant adds.
The company also advises users never to click on links received in messages. “Sometimes zero-click zero-day chains can be delivered through a message, such as SMS, email or messenger app. The safest option to open links from interesting messages is to use a desktop computer, preferably using the TOR Browser, or better yet using a secure non-persistent OS such as Tails.”
Finally, Kaspersky advises using a VPN to cover traffic. Some exploits are delivered via man-in-the-middle GSM attacks while browsing HTTP sites, and others by hijacking DNS. “Using a reliable VPN solution to mask someone’s traffic makes it harder for a GSM carrier to target them directly over the Internet. It also complicates the targeting process if attackers control people’s data flow, for example, while roaming.”