Apple released an “extreme safety” measure bundled with iOS 16 last summer, and it’s targeted at sophisticated spyware that is usually deployed covertly against government agencies. It appears that Apple’s safety tool is effective, to a certain extent, against Pegasus — one of the most devastating surveillance attacks ever documented.
Citizen Lab, the security group based at the University of Toronto’s Munk School of Global Affairs & Public Policy, has detailed a pair of zero-click exploits that targeted iOS 15 and iOS 16 devices last year. Labeled PWNYOURHOME and FINDMYPWN, these exploits were widely used by Pegasus-maker NSO Group against targets in Mexico and elsewhere.
The security lab notes that on iPhones with Lockdown Mode enabled, the target got real-time notifications if the Pegasus spyware tried to exploit the PWNYOURHOME vulnerability. NSO Group may have eventually devised a workaround against the alert system, but in general, there is no evidence that the aforementioned security flaw was abused on any device with Lockdown mode enabled.
“Given that we have seen no indications that NSO has stopped deploying PWNYOURHOME, this suggests that NSO may have figured out a way to correct the notification issue, such as by fingerprinting Lockdown Mode,” Citizen Lab writes in its exhaustive report.
The security lab suggests that all at-risk users should enable Lockdown Mode to ensure that they don’t become the next targets of Pegasus-fueled illicit surveillance — or any such spyware that is virtually impossible to detect in the wild.
Apple says Lockdown Mode is aimed at “very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats.” As such, it trades security with your average smartphone functionalities. For example, it disables certain messages, blocks access to a bunch of websites, and blocks FaceTime calls from unknown contacts, among other connectivity restrictions.
But as they say, you can never be too sure about your security. As far as Pegasus goes, it has been deployed against journalists, activists, high-ranking officials, and political figures all across the globe. And it’s the zero-click nature of this surveillance agent and how it covertly mines almost every kind of sensitive information — from calls logs and emails to storage content — that makes it a favorite of bad actors seated in positions of state power.
With proof that Lockdown Mode is effective at stopping the spyware, anyone even remotely concerned about being targeted by Pegasus (or similar attacks) should seriously consider enabling Lockdown Mode on their iPhone ASAP.