“Extreme” protection: Apple reacts to Pegasus spyware with Lockdown Mode


With Lockdown Mode, Apple wants to offer particularly vulnerable users of iOS 16, iPadOS 16 and macOS 13 Ventura “extreme” protection against espionage attacks and hackers, though this comes with some limitations. In addition, the company announces a financial commitment against cyber attacks.

Apple's reaction to Pegasus

Lockdown Mode is a “groundbreaking security feature” that withstands even the most sophisticated digital threats. Apple aims Lockdown Mode at users “who face serious, targeted threats to their digital security.” This includes, for example, journalists, human rights activists or political opponents in authoritarian states.

Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats […]. Turning on Lockdown Mode […] further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.

Apple

Apple, in turn, identifies the threat as “private[…] companies developing state-sponsored spy software with mercenary intentions.” Although the manufacturer does not mention a name in this wording, the reference could not be clearer: Apple is referring to the Pegasus spyware from the Israeli NSO Group. This is a particularly sophisticated espionage tool based on the zero-click exploit FORCEDENTRY, which is officially used by intelligence services, including the German foreign intelligence service BND, to counter terrorism. The NSO Group still sees itself on the side of the law, since Pegasus is only sold to security authorities.

However, the software, first documented by the Canadian Citizen Lab, has caused a lot of controversy in the past, because industry experts and security researchers have repeatedly seen it confirmed that Pegasus is also used by authoritarian regimes to spy on journalists, human rights activists, politicians, lawyers and other innocent people. Apple sued the NSO Group after the situation became known; a verdict is still pending.

There is now indisputable evidence from research by Citizen Lab and other organizations that the mercenary surveillance industry is fueling the spread of authoritarian practices and massive human rights abuses around the world. I am pleased that Apple made this important donation. It sends a clear signal and supports independent researchers and NGOs who are holding mercenary spyware vendors accountable for the harm they inflict on innocent people.

Ron Deibert, Director of Citizen Lab

Lockdown mode restricts OS and users

Apart from the legal proceedings, the manufacturer now wants to defend itself with Lockdown Mode. The optional additional protection was implemented as part of the third beta of iOS 16, iPadOS 16 and macOS 13 Ventura, which is now available. Users can activate or deactivate it in the device settings, which is accompanied by a password prompt and a restart. When Lockdown Mode is switched on, numerous functions of the operating system are restricted. Further protective mechanisms are to follow “over time”, with the following adjustments to start with:

  • Messages: Most types of message attachments except images are blocked. Some features, such as link previews, are disabled.
  • Web browsing: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled unless users exclude a trusted website from Lockdown Mode.
  • Apple Services: Incoming invitations and service requests, including FaceTime calls, are blocked if users have not previously called or sent a request to the initiator.
  • Wired connections to a computer or accessory are blocked when the iPhone is locked.
  • Configuration profiles cannot be installed and the device cannot enroll in mobile device management (MDM) while Lockdown Mode is enabled.
Lockdown mode on iOS 16 beta 3 (Image: Apple)

Rewards for researchers and a donation

In addition, as part of the Security Bounty program, Apple is offering a reward of up to 2 million US dollars to security researchers who manage to bypass Lockdown Mode, provided they help to close the security gap.

The company also announced a $10 million donation to the Ford Foundation's Dignity and Justice Fund. Any compensation payments resulting from the lawsuit against the NSO Group are to be added in full to the donation.

The global trade in spy software targets human rights activists, journalists and dissidents. It promotes violence, strengthens authoritarianism and supports political repression. The Ford Foundation is proud to support this extraordinary initiative to encourage civil society research and advocacy against mercenary spy software. We must build on Apple's commitment and invite businesses and other donors to join the Dignity and Justice Fund and provide additional resources to this common fight.

Lori McGlinchey, Director, Ford Foundation