Apple Lockdown Mode: Does This Really Protect the Mobile Security Landscape?

By Manish Alshi, Head of Channels and Growth Technologies – India and SAARC, Check Point Software Technologies

Apple recently announced a new feature, Lockdown Mode, which protects iOS users who might be targeted by sophisticated cyber threats. Lockdown Mode dramatically reduces the attack surface of mobile devices to prevent cyber threats from reaching the user. This initiative validates what has long been known: mobile devices are inherently exposed to cyber threats.

The importance of mobile security

The development and release of Apple’s new Lockdown Mode feature emphasizes the importance of mobile security. Apple is not alone; Samsung is also working to improve the security of its Galaxy devices and recently announced a cooperation with Google and Microsoft to strengthen mobile security.

This comes as no surprise to those who manage mobile devices on a daily basis. The use of mobile devices for personal and work purposes may expose users to methods of social engineering. This has not gone unnoticed by cybercriminals. Over the past year, Check Point researchers have observed that threat actors have increasingly focused on mobile devices. They leverage social media and messaging apps to carry out one-click or even no-click attacks.

A survey conducted last year revealed that nearly half (49%) of organizations worldwide are unable to detect an attack or breach on employee-owned devices. At a time when workforces around the world are becoming more distributed, there is a real risk that the mobile realm will soon become the new battleground for corporate cybersecurity.

According to Check Point’s Threat Intelligence report, in India, the weekly average number of organizations affected by mobile malware stood at 4.3% compared to the APAC average of 2.6% over the last 6 months. From mobile spyware that can take full control of iOS and Android devices through no-click exploits, to Trojans deployed through malicious apps that can harvest user credentials, organizations have never been more exposed to mobile threats.

Furthermore, the wide range and automation of attack tools have allowed attackers to launch large-scale campaigns that are more complex with relative ease.

Apple’s lockdown mode also addresses files as the primary threat vector. Malicious files have been used in a variety of attacks, including state-level attacks, but they are one of the most overlooked vectors in mobile security. Malicious PDFs, GIF images, and Excel sheets can facilitate cyberattacks, but most mobile security solutions don’t consider them to be a significant risk.

What is lockdown mode and how does it work?

Apple Lockdown Mode is expected to be available in the fall on iOS 16, iPadOS 16, and macOS Ventura. Its goal is to drastically reduce the available attack surface of mobile devices by blocking or disabling files and access.

While in lockdown mode:

Most message attachments are blocked: Apple recognized attachments as an emerging attack vector on mobile devices. In Lockdown Mode, downloading of most types of message attachments (other than images) is completely blocked. Other features, like link previews, are also disabled.
Complex web technologies are disabled: Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled during Lockdown Mode.
Incoming service requests and invitations are blocked: Apple blocks incoming service requests and invitations, including FaceTime calls, from unknown sources.
Wired connections to a computer or accessory are locked: When iPhone is locked, it won’t support wired connections.
Configuration profiles cannot be installed: MDM/UEM integration is blocked.

Some capabilities may change by the anticipated release date, but it’s clear that these protections will create more secure Apple devices.

Check Point Harmony Mobile improves security for high-risk users

While Check Point and Apple agree on the importance of mobile security, their approach to protection is different.

The new Lockdown Mode is a solution to a very specific problem: state-level attacks. It covers a severe set of attack scenarios but does not address common attacks like phishing, botnets, or man-in-the-middle attacks. Even attacks targeting high-profile users, such as spear phishing and whaling, are not among the scenarios Lockdown Mode covers.

Check Point Harmony Mobile is a mobile threat defense (MTD) solution that protects iOS and Android devices across all attack vectors: files, networks, apps, and operating systems. It provides protection against zero-day phishing attacks, blocks malicious file downloads, detects malicious iOS profiles, and provides malware protection, Secure DNS, and more.

It allows security administrators to monitor device security posture and can be integrated with any UEM and MDM solution.

High-risk iOS users should combine both security measures to provide broad protection for their devices and organization. But what about non-critical users?

Check Point Harmony Mobile for non-critical users

While turning on Lockdown Mode will certainly provide increased security, it will also limit the usability of the device. Lockdown Mode disables some basic features on the mobile device. The user will not be able to receive FaceTime calls from an unknown number or download a file attached to a message, and some web features may not work. Lockdown Mode can also present a challenge to your organization, as administrators cannot install MDM or UEM on a device in Lockdown Mode.

If a user is the target of highly sophisticated state-level digital threats such as mercenary spyware, these limitations are a price worth paying for a more secure mobile device. However, most users are not included in these scenarios. For them, Check Point Harmony Mobile enables full use of iOS devices, including browsing the web, sending and receiving files, full FaceTime functionality and more, without compromising their security. This allows users to stay connected and maintain productivity and functionality while protecting them, their devices, and their organization.

A great example of this approach is Harmony Mobile’s file protection capabilities. Like Apple, Check Point recognized that files are an emerging attack vector on mobile devices. For that reason, Check Point Harmony Mobile recently launched a new file protection capability that protects your device from malicious files.

Check Point Harmony Mobile File Download Prevention scans downloaded files for malicious intent. When a malicious file is found, the download is completely blocked and the file never reaches the device. For Android devices, storage scanning is available to protect against downloaded files. This ensures that the mobile device remains free of threats without affecting user productivity.

Check Point Harmony Mobile uses ThreatCloud, the intelligence tool with the best detection rate in the industry, to scan those files. ThreatCloud combines the latest AI technology with big data threat intelligence, as well as threat intelligence collected and analyzed by Check Point’s elite research team to block files, malicious web content and more.

Check Point Harmony Mobile is the first mobile threat solution among the industry’s leading vendors to prevent malicious files from being downloaded to mobile devices.

What should you do to protect your mobile device?

High-risk users should consider using both lockdown mode and the Check Point Harmony Mobile solution to cover all possible attack vectors.

For most users, Check Point Harmony Mobile offers the best balance between complete protection and zero impact on productivity.
