In a blogpost today, Apple said the new lockdown option was “a groundbreaking security capability that offers specialised additional protection to users who may be at risk of highly targeted cyberattacks from private companies developing state-sponsored mercenary spyware”.

To further enhance lockdown mode’s capability, Apple spelt out details of a $US10m cybersecurity grant it announced last November “to support civil society organisations that conduct mercenary spyware threat research and advocacy”.

It described lockdown mode as “an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security”.

“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” said Ivan Krstić, Apple’s head of security engineering and architecture.

“That includes continuing to design defences specifically for these users, as well as supporting researchers and organisations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”

Apple devices have been relatively resilient to cyber attacks due to the company’s emphasis on security and privacy, and the vetting of apps in its App Store. But there have been cases of attacks such as by Israeli cyber firm NSO Group whose Pegasus spyware can copy messages and photos and record calls.

The spyware is labelled as “military grade”, was reportedly developed by former Israeli intelligence operatives, can run on both iOS and Android phones, and was made available to governments. The fact some governments acquired Pegasus has been regarded as particularly menacing.

Indeed NSO Group and Pegasus spyware appear to be the the trigger for lockdown mode, given the legal action Apple launched against the company last year. Apple explicitly referred to NSO Group in today’s blogpost.

In November last year Apple announced it had filed a lawsuit against NSO Group and its parent company “to hold it accountable for the surveillance and targeting of Apple users”.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering in last year’s announcement.

Apple last year identified and patched an exploit called FORCEDENTRY used by NSO Group to break into iPhones and install Pegasus. “The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto,” Apple said last year. However there have been reports this year that Pegasus installations persisted beyond then.

Today it said organisations that are eligible for funds from its $US10m cybersecurity grant will also be eligible for funds from damages it receives from its lawsuit filed against NSO Group (if successful).

There is a downside to lockdown mode in terms of lost functionality. Apple says most message attachments other than images will be blocked. Some web browsing technologies are disabled unless a user excludes a trusted site from Lockdown’s extra scrutiny.

Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request. Wired connections with a computer or accessory are blocked when iPhone is locked.

Lockdown mode will be available in the third quarter when the company rolls out iOS 16, iPadOS 16, and macOS Ventura operating systems.

Originally published as Apple targets spyware attacks with ‘lockdown mode’