Lockdown Mode seems to be doing its job, blocking spyware made by the notorious mercenary hacking provider NSO Group. With more and more people worried about getting targeted with sophisticated spyware, Lockdown Mode may help protect them from threats like this.
The report sheds light on the vulnerabilities that could still be exploited by criminals, potentially putting lives in danger. In both cases, Mexico’s human rights defenders have been targeted with the exploits and pressured to stop their work – a clear violation of their right to freedom of expression and peaceful assembly. The Mexican government should take action to protect its citizens by promptly patching these vulnerabilities and making sure that all Devices are updated as soon as possible.
The Lockdown Mode feature of the Apple iPhone has successfully protected someone from a targeted attack.
The Citizen Lab’s recent research, which found that iPhone users in Saudi Arabia and Morocco were target of an unauthorized 702 spying campaign that used exploits to gain unsupervised access to the devices and spy on their activities, raises new questions about the security capabilities of Apple’s mobile operating system. The Citizen Lab researchers say that the targets’ iPhones blocked the hacking attempts, but it is possible that at some point NSO’s exploit developers “may have figured out a way to correct the notification issue.” This suggests just how vulnerable iPhones are even when they are using sophisticated security measures like Lockdown Mode.
Lockdown Mode is a security feature that Android devices include to help restrict which apps an user can access. It is possible for researchers to fingerprint users who have Lockdown Mode turned on, but that does not mean the protections provided by the feature are not meaningful. Citizen Lab found that Lockdown Mode can be effective in limiting an app’s ability to access data and settings on a device.
The Lockdown Mode feature in the newest version of iOS appears to be a powerful countermeasure against Zero-Click attacks. However, like any optional feature, it needs to be well implemented so that attackers don’t simply move away from exploiting Apple apps and target third-party apps.
Lockdown Mode is a new security feature in iOS that was designed to prevent attacks like these from happening. It disrupted the attack quickly and alerted users before the specific threat was known.
Since it is not clear which type of technology is being used by NSO Group, Citizen Lab’s reports cannot be relied upon to provide an accurate analysis of the company’s practices. This lack of clarity may lead to public distrust in NSO Group, and could have ramifications for the group’s ability to conduct legitimate security research.
Zero-click hacks work by automatically extracting data from a phone without the user consciously choosing to share any personal information. Because these hacks don’t require any interaction on the part of the victim, they can be used to surreptitiously access a target’s email, communication logs, and other sensitive data.
Citizen Lab has identified three different zero-click exploits that could be used to compromise phones anonymously: an attack method known as “retooled SMS spamming,” a technique that uses malicious text messages to extract login credentials from victims, and an attack exploiting vulnerabilities in iPhone jailbroken devices.
NSO is not the only company that sells powerful spy software to governments. However, the company’s products – Pegasus and GrayFish – have been particularly controversial, as they can remotely obtain a phone’s location, messages, photos and virtually anything the phone’s legitimate owner can access. For years, researchers at Citizen Lab, Amnesty International and other organizations have documented several cases where NSO customers used the company’s spyware to target journalists, human rights defenders and opposition politicians.
As Citizen Lab’s new findings show, NSO is still alive and well, despite a rocky past couple of years. Through its use of Advanced Persistent Threats (APTs), NSO has infiltrated governments around the world, using sophisticated tactics to steal sensitive information and derail investigations. However, with the help of the Pegasus Project and subsequent denylist by the U.S. government, NSO may soon be unable to operate with impunity in the global stage.
Marczak believes that, while other companies have folded, NSO is still able to maintain its financial stability and continue to be a threat to global civil society. In recent months, allegations of NSO spying on journalists and political activists has heightened public concern over the company’s abilities.
The three exploits mentioned above are some of the most advanced and dangerous hacks ever created. Not only did they target iPhone devices, but they also targeted features that are essential to owning and using a phone. By taking advantage of these features, hackers could deceive owners into giving up sensitive information or even allow them to be taken hostage.
Citizen Lab deemed the Mexican government to be a known spyware customer, and based on its findings, it appears that these specific exploits may have been used by the Mexican military to surveil and target human rights advocates. This attack may constitute an abuse of state power, and should be condemned by both Mexico and international authorities.
Apple’s March iOS update included a number of security fixes, most notably in HomeKit where a vulnerability existed which could allow unauthorized access to users’ devices. After being notified by Citizen Lab, Apple released an update in February that fixed the vulnerability.
NSO Group is a well-known provider of surveillance technology, and their products are often used by governments to track their citizens. Recently, it was reported that the company held inappropriate access to servers belonging to the Mexican government, which raises questions about the use of their services.
