As CNet reports, Apple has been ramping up its commitments to privacy and security with a string of new features that cybersecurity experts say are amounting to more than a bullet-point feature to differentiate its products from Samsung gadgets and other devices powered by Google’s Android OS. Instead, Apple’s moves have sent ripples through the advertising world and upset government officials — signs, tech watchers say, that the tech giant is following through on its promises.
That’s why many cybersecurity experts took notice of Apple’s Lockdown Mode when it was unveiled this month. According to CNet, the feature is designed to activate “extreme” protections for the company’s iPhones, iPads and Mac computers. Among them, Apple’s Lockdown Mode blocks link previews in the messages app, turns off potentially hackable web browsing technologies, and halts any incoming FaceTime calls from unknown numbers. Apple’s devices also won’t accept accessory connections unless the device is unlocked. Of the people using its roughly 2 billion active devices around the world, Apple said few would actually need to turn the feature on. But cybersecurity experts say these types of extreme measures may need to become more commonplace as governments around the world broaden who they target while stepping up their frequency of attacks.
Reuters reported that earlier this month, the FBI and Britain’s MI5 intelligence organization took the rare step of issuing a joint warning of the “immense” threat Chinese spies pose to “our economic and national security,” and that its hacking program is “bigger than that of every other major country combined.” Other government agencies have made similar warnings about hacking from other adversaries, including Russia, which the US Office of the Director of National Intelligence said in 2017 has targeted think tanks and lobbying groups in addition to the government and political parties.
And unlike widespread ransomware or virus campaigns, which are often designed to spread as quickly as possible, targeted attacks are often designed for quiet intelligence gathering, which could lead to stolen technology, exposed state secrets and more. Apple itself said that it’s tracked targeted hacking efforts toward people in nearly 150 countries over the past eight months. Apple has already begun a program of warning people when they may be targeted. When Lockdown Mode is released in the fall, cybersecurity experts say, it’ll represent an escalation on Apple’s part, particularly because the feature will be available to anyone who wants to turn it on.
“There were a number of attempts over the years to make highly secure devices, and it’s great to have those things and having them put out there, but we haven’t seen widespread adoption,” said Kurt Opsahl, deputy executive director and general counsel at the Electronic Frontier Foundation, which advocates for privacy and other civil liberties in the digital world. And though Opsahl believes an up-to-date phone is probably good enough for the average person, he said that any way Apple can raise the cost of hacking a phone helps protect the devices. “Make no mistake about it, Lockdown Mode will be a major blow,” said Ron Deibert, a professor of political science and director of the Citizen Lab for cybersecurity researchers at the University of Toronto.
Much of Apple’s approach to cybersecurity can be traced back to 2010, when company co-founder Steve Jobs discussed his view of privacy on stage at D8 conference. “Privacy means people know what they’re signing up for, in plain English, and repeatedly,” Jobs said. “Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do.”
It was a departure from other internet giants, such as Facebook, whose co-founder, Mark Zuckerberg, was listening in the audience that day. Google, Facebook and Amazon largely make their money through targeted advertisements, which are often at odds with user privacy. After all, the more targeted the ad, more relevant and effective it likely is. Apple, by comparison, makes little of its money from advertisements. Instead, the iPhone, iPad and Mac computers made up more than 70% of its sales last year, adding up to over $259 billion combined.
But offering effectively a new mode on iPhones altogether is an entirely new approach. When people activate Lockdown Mode on their device, by flipping a switch in the settings app, it then needs to restart — effectively loading a new set of code and rules under Apple’s “extreme” security measures. “Apple is ultimately making it as easy as possible to make choices about security and privacy,” said Jeff Pollard, a Forrester analyst who focuses on cybersecurity and risk. Pollard said this approach offers an opportunity for Apple to test the waters between usability and security, while following through on its promise to continually improve on Lockdown Mode over time. “We have to make it easier to do, so our adversaries have to try harder.”
Many cybersecurity experts, including Professor Susan Landau, are looking forward to trying out Lockdown Mode when Apple releases it in the fall, along with its annual set of major software upgrades. A cybersecurity and policy professor at Tufts University, and a former employee at Google and Sun Microsystems, Landau is already careful about what websites she visits and what devices she uses. She keeps a separate Google Chromebook for handling her finances, and she refuses to download most apps to her phone unless she knows she can trust the company that made them.
“It’s convenience versus security,” she said. Landau follows these protocols out of principle, because she — like nearly all of us — doesn’t have the time or capability to validate every app or website’s safety. As CNet reports, Apple and Google both have established security tests for their respective app stores, but Landau said the new apps, capabilities and upgrades that arrive each year can make them more vulnerable. “Complexity is the bane of security.” To her, Lockdown Mode may help us all begin to understand the balance between gee-whiz features and security, particularly as state-sponsored hackers step up their attacks. “People have gotten used to the convenience without understanding the problems,” Landau said. “The convenience we’ve all grown accustomed to has got to change.”
—
Photo Credit: VideoFlow / Shutterstock.com