Apple Security

Apple announces Isolation, the safe mode that shields iPhone, iPad and Mac against the most dangerous spyware

Source: 01Net

After announcing its legal action against NSO Group, the Cupertino giant is striking where it hurts and intends to strengthen the protections of its devices against sophisticated attacks. These attacks do not concern everyone, but they nevertheless endanger our essential freedoms.

Apple is at war and seems determined to throw its full weight into the fight. After announcing last November that it was suing the Israeli company NSO Group, designer of the Pegasus spyware, the Cupertino giant has just placed two new pieces on the large chessboard where it faces the “mercenary spyware vendors”.

Who are the mercenary spyware vendors?

For the record, this designation covers a complex and disturbing reality. These well-established companies specialize in developing spyware, most often sold to States. Their tools are stealthy and often exploit unlisted vulnerabilities, or zero-days, as they are called in cybersecurity. This malware then makes it possible to track, listen to or steal the data of a few targeted users: journalists, political opponents, activists, and sometimes, yes, sometimes, terrorists. We are far from the mass espionage that programs like Prism have set up. Nevertheless, these are heavy and serious threats to all of our societies.

These cybersecurity mercenaries are constantly looking for flaws in software (apps and operating system) in order to be able to penetrate them. They also generally pay a high price for new exploits, attracting the least scrupulous hackers.


Isolation, safety first

The first major piece Apple is putting on the table is a new mode for iOS, iPadOS, and macOS. Named Lockdown (Isolation in French), it aims to “reduce the attack surface” available within Apple's three operating systems.

In practice, and in the tradition of the American giant, it is a simple button that is very easy to activate from the Settings. However, its effects are “extreme”, to use the words of Apple itself, because Isolation mode will make your iPhone, your iPad or your Mac less permeable to cyberintrusion attempts.

To do that, it will have to scale back considerably, so that any flaws triggered in one click or, worse, in zero click, i.e. without any user action, have fewer opportunities to run. These restrictions obviously lead to some deterioration of the user experience.

  • So in Messages, most attached files other than pictures will be blocked. Also, the preview of web links will be disabled.
  • On the web browsing side, the most advanced techniques, especially in JavaScript, such as JIT compilation, will also be blocked, unless the user voluntarily adds a site to a whitelist.
  • Aware that its services, designed to make life easier for the general public, can be gateways for attackers, Apple will also limit certain functions. For example, service invitations and requests, such as incoming FaceTime calls, will be blocked unless the device user initiated the contact previously.
  • In addition, configuration profiles, which you may use to access betas or programs within your company, will also be banned by Isolation mode.
  • A crucial point for journalists or activists working in major media or organizations: Mobile Device Management (formerly “Mobile device management settings” and now “Deployment of Apple platforms”) will not be available. This implies that the administrators of the smartphone fleet will have to manage these devices separately. But it is also a way to prevent hackers from impersonating the administrator and taking control of the device by installing malicious applications, for example.
  • Finally, to protect iPhones from unwanted physical access, the wired connection to a computer or even an accessory will be inactive when the iPhone is locked. In other words, without knowing your code or being able to activate your iPhone using your finger or your face, it will not be possible to attack it by plugging it into a machine.

Isolation will be officially available in the fall, alongside iOS 16, iPadOS 16 and macOS 13 Ventura. Until then, it will be available in the summer betas of these three operating systems, which will be open to developers and the general public.

Apple and the University of Toronto's Citizen Lab are fighting spyware like NSO Group's Pegasus. (WF News)

Not for everybody…

It is therefore evident that Isolation increases the security of Apple devices, but reduces their comfort of use. Still, it’s clear that it’s not for everyone. It is designed to protect affected users from “the rarest and most sophisticated of attacks”, says Ivan Krstić, head of security engineering and architecture for Apple.

He continues by stating that “the vast majority of users will never fall victim to these highly targeted cyberattacks.” Despite everything, Apple considers it its duty to offer this additional security to the users concerned “because they are who they are or for what they do”.

It is difficult to take the exact measure of the impact of spyware like Pegasus. Hinting that these attacks cost tens of millions a year, Apple only indicates that it has notified people affected by the attacks of the spyware Pegasus in more than 150 countries, without wanting to communicate their number, for security reasons.

On the other hand, Apple has already announced that it will strengthen this Isolation mode in the future, in particular thanks to feedback from the community of security researchers. In order to have the full attention of this community, with which Apple sometimes maintains somewhat stormy or complicated relations, Tim Cook’s teams have also announced that they are using another of their weapons: money, put to the service of prevention.

Double the premiums, help research…

Thus, Apple announced a new category in its Security Bounty program. It is dedicated entirely to Isolation mode, and to underline the importance that the American giant places on this function, the usual rewards will be doubled, with a maximum set at two million dollars for the most critical finds. Apple is proud to announce that this is an industry record.

But this is only the first part of its action. The second, which was announced last November, consists of the payment of ten million dollars (in addition to any damages awarded by the courts in the context of the lawsuit between Apple and NSO Group) to a fund to fight against cyber espionage. It is the Dignity and Justice Fund, managed by the Ford Foundation, which will receive this windfall. Original members of this effort include Ivan Krstić, for Apple, as well as Rasha Abdul Rahim, director of Amnesty Tech, who helped investigate NSO Group alongside Citizen Lab, University of Toronto, also represented by its director, Ron Deibert.

The latter has made these “mercenaries” his specialty. He tracks them, lists them and points to them. The Citizen Lab has notably identified various players, such as Hacking Team, Gamma Group, Candiru, Cytrox, or of course NSO Group.

Apple: And for a few dollars more... (WF News)

The first contributions to the cause should be made in late 2022 or early 2023, to help expose the actions of mercenary spyware vendors and protect their potential targets. This major project will take different forms, starting with coordination between cybersecurity researchers and defense groups, with the aim of supporting the “development of standardized forensic methods to detect and confirm spyware infiltrations”. Through this fund, Apple also hopes to help civil society to more effectively ally with device manufacturers, software developers and IT security companies to identify and fix the vulnerabilities used.

Finally, the Dignity and Justice Fund will aim, on the one hand, to alert journalists, investigators and legislators to the practices of the global spyware vendor industry, while giving human rights defenders, on the other hand, the ability to identify and respond to these spyware attacks.

These are all ways to reverse the balance of power and to force these companies that trade in espionage and the violation of basic rights to account. It is an essential fight, a war that must be fought, and so much the better if the right side counts giants like Apple in its ranks. Because, for Ron Deibert, these dark traders and their practices “promote the spread of totalitarianism and the violation of human rights throughout the world”, a trend that doesn’t really need encouragement lately…