Apple has announced the launch of 'Lockdown Mode', which is designed to offer increased protection from mobile spyware, a common tool in a cybercriminal’s kit that may be used to steal valuable information from a victim.
According to John Davis, Director UK & Ireland, SANS Institute, contrary to popular belief, "mobile malware less often relies on zero-day vulnerabilities, but more commonly leverages known, reported security loopholes, hoping to target unpatched systems or applications, to infiltrate and wreak havoc on mobile devices".
While mobile users "need to be wary of suspicious SMS/iMessage notes, or mechanisms around “overlay” applications," he argues, "these are designed to look like legitimate applications, but instead contain trojans developed to steal user data to send to malicious third parties."
According to the BBC, Apple is currently suing Israeli spyware firm NSO Group, accusing it of targeting victims in 150 different countries with its powerful Pegasus spyware, which 'could infect both iPhones and Android devices, allowing operators to extract messages, photos and emails, record calls and secretly activate microphones and cameras.'
A step forward for Apple users, but not the time to relax
While Apple’s Lockdown Mode could go a long way towards preventing spyware cyber-attacks for its customers, Davis adds that "end users should remember best practices they learned on other digital platforms and keep up good habits when accessing, storing, and utilising sensitive information on mobile devices".
In addition, Davis suggests that users "should also be reticent to not relax or adjust in-built security settings, as doing so opens up devices to vulnerabilities. Keep your devices current and updated and adhere to the security settings already in place to make for a safer overall experience. If there are red flags, don’t ignore them – valuable information flows on phones every day, so if cybercriminals can access this, then it can potentially spell disaster for individuals or companies.”
The SANS institute
Regarded as one of the most trusted resources for cybersecurity training, certifications and research, the SANS Institute was launched in 1989 as a cooperative for information security thought leadership.
Their mission is to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place. To aid this effort, they provide high quality training, certifications, scholarship academies, degree programs, cyber ranges, and resources to meet the needs of every cyber professional.
- Veracode: software security still lagging in public sectorCloud & Cybersecurity
- ICYMI, November 2022: Amazon AI robot and Musk’s Python planEnterprise IT
- ICYMI, October 2022: Gone phishing and video game goodnessEnterprise IT
- ICYMI, March 2022: Cyber ageism and AI transforms healthcareEnterprise IT