Apple’s Lockdown mode: Does this really protect the mobile security landscape?

Apple has recently announced a new feature, Lockdown Mode, which secures iOS users who might be personally targeted by sophisticated cyber threats. Lockdown Mode dramatically reduces mobile devices’ attack surface to prevent cyber threats from reaching the user. This initiative validates what has been known for a long time: mobile devices are inherently exposed to cyber threats.

The importance of mobile security

The development and release of Apple’s new Lockdown Mode feature stresses the importance of mobile security. Moreover, Apple is not alone; Samsung is also working to enhance the safety of its Galaxy gadgets and recently announced a cooperation with Google and Microsoft to bolster mobile security.

This comes as no surprise to those who manage mobile devices on a daily basis. Using mobile devices for personal and work purposes can expose users to social engineering methods. This has not gone unnoticed by cybercriminals. Over the past year, researchers at Check Point have observed threat actors’ increased focus on mobile devices. They leverage social networks and messaging apps to carry out single-click or even zero-click attacks.

A survey carried out in the last year revealed that almost half (49%) of organizations worldwide are unable to detect an attack or breach on employee-owned devices. At a time when workforces across the world are increasingly distributed, there’s a genuine risk that the mobile arena could soon become the new corporate cybersecurity battleground.

According to Check Point’s Threat Intelligence report, in India, the weekly average of organizations impacted by mobile malware stood at 4.3 percent, compared to the APAC average of 2.6 percent, in the last 6 months. From mobile spyware that can assume complete control of iOS and Android devices via zero-click exploits, to trojans deployed via malicious apps that can harvest users’ credentials, organizations have never been more at risk from mobile threats.

In addition, the vast array and automation of attack tools have enabled attackers to launch large-scale campaigns that are more complex with relative ease.

Apple’s Lockdown mode also addresses files as a main threat vector. Malicious files have been used in a variety of attacks, including state-level attacks, but they are one of the most overlooked vectors in mobile security. Malicious PDFs, GIF images, and Excel sheets can facilitate cyberattacks, yet most mobile security solutions do not regard them as a major risk.

What is Lockdown Mode and how does it work?

Apple’s Lockdown mode is expected to be available in the fall on iOS 16, iPadOS 16 and macOS Ventura. Its target is to dramatically reduce mobile devices’ available attack surface by blocking or disabling files and access.

While in lockdown mode:

Most message attachments are blocked: Apple recognized files as an emerging attack vector on mobile devices. In lockdown mode, the download of most message attachment types (other than images) is completely blocked. Other features, like link previews, are also disabled.

Complex web technologies are disabled: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled while in lockdown mode.

Incoming invitations and service requests are blocked: Apple blocks incoming invitations and service requests, including FaceTime calls, from unknown sources.

Wired connections with a computer or an accessory are blocked: When iPhone is locked, it will not support wired connections.

Configuration profiles cannot be installed: MDM/UEM integration is blocked.

Some capabilities might change by the anticipated release date, but it is evident these protections will create more secure Apple devices.

Check Point Harmony Mobile enhances security for high-risk users

While Check Point and Apple both agree on the importance of mobile security, their protection approach is different.

The new Lockdown mode is a solution to a very specific problem: state-level attacks. It covers a severe set of attack scenarios, but does not address common attacks such as phishing, botnets or man-in-the-middle. Even attacks that target high-profile users, such as spear phishing and whaling, are not among the scenarios covered by Lockdown Mode.

Check Point Harmony Mobile is an MTD solution that protects both iOS and Android devices across all attack vectors: files, network, application and OSs. It provides protection against zero-day phishing attacks, blocks malicious file downloads, detects malicious iOS profiles, and provides malware protections, safe DNS, and more.

It allows security admins to monitor device security posture and can be integrated with any UEM and MDM solutions.

High-risk iOS users should combine both security measures to provide wide protection for their devices and organization. But what about non-critical users?

Check Point Harmony Mobile for non-critical users

While turning on Lockdown mode will undoubtedly provide greater security, it will also limit device usability. Lockdown Mode disables some rudimentary features on the mobile device. The user won’t be able to receive FaceTime calls from an unknown number or download a file attached to a message, and some web features might not work. Lockdown Mode might also pose a challenge for the organization, as admins cannot install MDM or UEM on a device in lockdown mode.

If a user is targeted by state-level, highly sophisticated digital threats, such as mercenary spyware, these limitations are a price worth paying for a more secure mobile device. However, a majority of users are not included in these scenarios. For them, Check Point Harmony Mobile enables full use of iOS devices, including browsing the internet, sending and receiving files, complete FaceTime functionality and more, without compromising their security. This allows users to stay connected and maintain productivity and functionality while protecting themselves, their devices and their organization.

A great example of this approach is the Harmony Mobile File Protection capability. Like Apple, Check Point recognized that files are an emerging attack vector on mobile devices. For that reason, Check Point Harmony Mobile recently released a new file protection capability that protects the device from malicious files.

Check Point Harmony Mobile File Download Prevention scans downloaded files for malicious intent. Once a malicious file is found, the download is completely blocked, and the file never reaches the device. For Android devices, storage scanning is available to protect against downloaded files. This ensures the mobile device stays threat-free without affecting user productivity.

Check Point Harmony Mobile uses ThreatCloud, the intelligence tool with the best catch rate in the industry for scanning those files. ThreatCloud combines the latest AI technology with big data threat intelligence, as well as threat intelligence collected and analyzed by Check Point’s elite research team to block files, malicious web content and more.

Check Point Harmony Mobile is the first mobile threat solution among the industry’s top leading vendors to prevent the download of malicious files to mobile devices.

What should you do to protect your mobile device?

High-risk users should consider using both Lockdown Mode and the Check Point Harmony Mobile solution to cover all possible attack vectors.

For the majority of users, Check Point Harmony Mobile provides the ultimate balance of complete protection and zero impact on productivity.

By Manish Alshi, Head of Channels and Growth Technologies – India & SAARC, Check Point Software Technologies
