By Manish Alshi, Head of Channels and Growth Technologies – India & SAARC, Check Point Software Technologies
Apple has recently announced a new feature, Lockdown Mode, which secures iOS users who might be personally targeted by sophisticated cyber threats. Lockdown Mode dramatically reduces mobile devices’ attack surface to prevent cyber threats from reaching the user. This initiative validates what has been known for a long time: mobile devices are inherently exposed to cyber threats.
The importance of mobile security
The development and release of Apple’s new Lockdown Mode feature stresses the importance of mobile security. Moreover, Apple is not alone; Samsung is also working to enhance the safety of its Galaxy gadgets and recently announced a cooperation with Google and Microsoft to bolster mobile security.
This comes as no surprise to those who manage mobile devices on a daily basis. Using mobile devices for personal and work purposes can expose users to social engineering methods. This has not gone unnoticed by cybercriminals. Over the past year, researchers at Check Point have observed threat actors’ increased focus on mobile devices. They leverage social networks and messaging apps to carry out single-click or even zero-click attacks.
A survey carried out in the last year revealed that almost half (49%) of organizations worldwide are unable to detect an attack or breach on employee-owned devices. At a time when workforces across the world are increasingly distributed, there’s a genuine risk that the mobile arena could soon become the new corporate cybersecurity battleground.
According to Check Point’s Threat Intelligence report, in India, the weekly average of organizations impacted by mobile malware stood at 4.3 percent, compared to the APAC average of 2.6 percent, in the last 6 months. From mobile spyware that can assume complete control of iOS and Android devices via zero-click exploits, to trojans deployed via malicious apps that can harvest users’ credentials, organizations have never been more at risk from mobile threats. In addition, the vast array and automation of attack tools have enabled attackers to launch more complex, large-scale campaigns with relative ease.
Apple’s Lockdown Mode also addresses files as a main threat vector. Malicious files have been used in a variety of attacks, including state-level attacks, but they are one of the most overlooked vectors in mobile security. Malicious PDFs, GIF images, and Excel sheets can facilitate cyberattacks, yet most mobile security solutions do not regard them as a major risk.
What is Lockdown Mode and how does it work?
Apple’s Lockdown Mode is expected to be available in the fall on iOS 16, iPadOS 16 and macOS Ventura. Its aim is to dramatically reduce mobile devices’ available attack surface by blocking or disabling files and access.
While in lockdown mode:
- Most message attachments are blocked – Apple recognized files as an emerging attack vector on mobile devices. In lockdown mode, the download of most message attachment types (other than images) is completely blocked. Other features, like link previews, are also disabled.
- Complex web technologies are disabled – Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled while in lockdown mode.
- Incoming invitations and service requests are blocked – Apple blocks incoming invitations and service requests, including FaceTime calls, from unknown sources.
- Wired connections with a computer or an accessory are blocked – When the iPhone is locked, it will not support wired connections.
- Configuration profiles cannot be installed – MDM/UEM integration is blocked.
Some capabilities might change by the anticipated release date, but it is evident these protections will make Apple devices more secure.
Check Point Harmony Mobile, a market-leading Mobile Threat Defense (MTD) solution, offers a complementary solution that can enhance the security provided by Apple’s Lockdown Mode and create enhanced protection for high-risk users.
Check Point Harmony Mobile enhances security for high-risk users
While Check Point and Apple both agree on the importance of mobile security, their approaches to protection differ.
The new Lockdown Mode is a solution to a very specific problem: state-level attacks. It covers a severe set of attack scenarios, but does not address common attacks such as phishing, botnets or man-in-the-middle. Even attacks that target high-profile users, such as spear phishing and whaling, are not among the scenarios covered by Lockdown Mode.
Check Point Harmony Mobile is an MTD solution that protects both iOS and Android devices across all attack vectors: files, network, application and OS. It provides protection against zero-day phishing attacks, blocks malicious file downloads, detects malicious iOS profiles and provides malware protection, safe DNS, and more.
It allows security admins to monitor device security posture and can be integrated with any UEM or MDM solution. High-risk iOS users should combine both security measures to provide wide protection for their devices and organization. But what about non-critical users?
While turning on Lockdown Mode will undoubtedly provide greater security, it will also limit device usability. Lockdown Mode disables some rudimentary features on the mobile device. The user won’t be able to receive FaceTime calls from an unknown number or download a file attached to a message, and some web features might not work. Lockdown Mode might also pose a challenge to the organization, as admins cannot install MDM or UEM on a device in lockdown mode.