Last year, Apple released Lockdown Mode, a feature meant to protect iPhone users who face sophisticated spyware, such as journalists and human rights defenders. Recently, researchers found evidence that it successfully blocked an attack by hackers using spyware from the infamous mercenary spyware provider NSO Group.
On Tuesday, the cyber-security and human rights research group Citizen Lab released a report detailing how Lockdown Mode blocked three new zero-day exploits in iOS 15 and iOS 16. Apple was unaware of these vulnerabilities at the time they were used to target at least two Mexican human rights activists. One of the exploits was actually blocked using Lockdown Mode, according to the researchers. This feature was specifically designed to reduce the iPhone's attack surface and provide better security against hackers.
To the relief of Apple, the Citizen Lab researchers pointed out that Lockdown Mode was key in blocking the attack and even showed a notification that it had prevented a third party from accessing the Home app. It is possible, however, that at some point NSO’s exploit developers may have found a way around the notification issue.
Despite this, the fact that Lockdown Mode is effective gives great cause for optimism. Bill Marczak, a senior researcher at Citizen Lab and one of the authors of the report, said that “it shows that it is a powerful mitigation.” But as with any optional feature, Marczak raised the question of whether enough people will choose to turn it on, or whether hackers will simply move away from exploiting Apple apps and target third-party apps, which are harder to protect.
Apple spokesperson Scott Radcliffe commented on the findings, stating that the company is pleased to know that Lockdown Mode worked and that this is a cause for great optimism. NSO Group, on the other hand, did not respond directly to the questions, but stated through a spokesperson that it always follows strict regulation and uses its technology to combat crime and terror around the world.
Citizen Lab’s report was based on analyzing several phones suspected of having been hacked using NSO’s spyware, Pegasus. This spyware is able to access location, messages, photos and virtually any kind of data the legitimate owner can access, and for years it has been used to target opposition politicians and journalists, as well as human rights defenders.
Apple fixed the HomeKit-based vulnerability in iOS 16.3.1, released in February this year. Citizen Lab recommends keeping iPhones up to date and making full use of the available security features to defend against hackers.
NSO Group is an Israeli company which provides offensive cyber-intelligence operations and software to governments. In 2021, an international consortium of media organizations, named the Pegasus Project, exposed the company’s involvement in a series of global scandals. As a result, the U.S. government added NSO to its denylist, restricting any U.S. companies or individuals from doing business with them. However, it looks like their activity hasn’t been affected. Therefore, it’s important to stay vigilant and make use of all available security measures.
NSO Group’s co-founder is Tal Dillian, an entrepreneur and software engineer who since 2010 has evangelized the use of network and computer systems for intelligence gathering and military operations. He is also the CEO of Q Cyber Technologies, an Israeli cybersecurity startup. Tal is seen as a key figure in the world of cyber intelligence and continues to earn accolades from the cybersecurity industry.