Apple’s special protection mode for activists, politicians and journalists has stopped the Pegasus spyware on at least one occasion, as documented by The Citizen Lab, a cybersecurity research group at the University of Toronto. Faced with the scandal of multiple espionage cases around the world, Apple last summer launched isolation mode (lockdown mode), a new function for users who fear being the target of an attack of this kind. Although it limits some functions of the phone, it constitutes a barrier against some sophisticated spyware attacks.

The Citizen Lab has published a report analyzing three new vulnerabilities in iOS 15 and iOS 16 that were unknown to Apple at the time of the attacks on two Mexican human rights activists. The researchers determined that isolation mode blocked one of the attacks carried out with Pegasus, the spyware from the Israeli company NSO Group, which says it provides it only to governments. Investigators said the two Mexican activists targeted by the spyware are investigating human rights violations allegedly carried out by the Mexican military.

Apple launched isolation mode in the fall of last year as a setting in the operating systems iOS 16, iPadOS 16 and macOS 16, for iPhone, iPad and Mac computers respectively. This function is “an optional extreme protection for a small number of users who face serious targeted threats that endanger their security on the network,” according to the Californian company itself when it put it into operation.

Since its release, the effectiveness of this mode in stopping a spyware attack had not been demonstrated. In the documented case, the iPhone blocked the hacking attempts and showed its owner a notification warning that isolation mode had prevented someone from accessing the Home app on the phone. The researchers note, however, that at some point the developers of the NSO exploit “may have figured out a way to fix the notification problem.”

The Citizen Lab has noted that “it is encouraging to see that Apple’s lockdown mode notified targets of attacks in the wild.” The cybersecurity and human rights organization notes that “although a single security measure is unlikely to thwart all targeted spyware attacks, and security is a multifaceted issue, we believe this case highlights the value of enabling this feature for high-risk users who may be targeted for who they are or what they do.” For this reason, it strongly recommends “all risky users to activate blocking mode on their Apple devices. Although the function carries a certain cost of usability, we believe that the cost may be offset by the higher cost it entails for attackers.”

Turning on isolation mode imposes some limitations on the iPhone. Among them, Messages blocks most types of attachments other than images. In web browsing, some complex technologies are disabled. FaceTime calls are blocked if the user has not previously sent a request to or called the other party. There are several more restrictions, and Apple can add new ones in response to the attacks it discovers over time.