Apple’s Lock Mode: Does it really protect the mobile security landscape?


Apple recently announced a new feature, Lockdown Mode, which secures iOS users who might be personally targeted by sophisticated cyber threats. Lockdown mode dramatically reduces the attack surface of mobile devices to prevent cyber threats from reaching the user. This initiative validates what has long been known, mobile devices are inherently exposed to cyber threats.

The importance of mobile security

The development and release of Apple’s new Lock Mode feature highlights the importance of mobile security. Moreover, Apple is not alone; Samsung is also working to improve the security of its Galaxy gadgets and recently announced a cooperation with Google and Microsoft to boost mobile security.

This comes as no surprise to those who deal with mobile devices on a daily basis. The use of mobile devices for personal and professional purposes can expose users to methods of social engineering. This has not gone unnoticed by cybercriminals. Over the past year, Check Point researchers have observed that threat actors are increasingly focusing on mobile devices. They leverage social media and messaging apps to carry out one-click or even no-click attacks.

A survey conducted last year found that nearly half (49%) of organizations worldwide are unable to detect an attack or breach on employee-owned devices. At a time when the workforce across the globe is increasingly dispersed, there is a real risk that the mobile arena will soon become the new battleground of enterprise cybersecurity.

According to Check Point’s Threat Intelligence report, in India, the weekly average of organizations affected by mobile malware was 4.3% compared to the APAC average of 2.6% over the past 6 months. From mobile spyware that can take full control of iOS and Android devices through clickless exploits, to Trojans deployed through malicious apps that can harvest user credentials, businesses have never been more exposed. mobile threats.

Additionally, the wide range and automation of attack tools has allowed attackers to launch large-scale campaigns that are more complex with relative ease.

Apple’s Lockdown mode also sees files as a primary threat vector. Malicious files have been used in a variety of attacks, including state-level attacks, but they are one of the most overlooked vectors of mobile security. Malicious PDFs, GIF images, and Excel sheets can facilitate cyberattacks, but most mobile security solutions don’t consider them a major risk.

What is lock mode and how does it work?

Apple’s Lockdown Mode is expected to be available in the fall on iOS 16, iPadOS 16, and macOS Ventura. Its goal is to drastically reduce the available attack surface of mobile devices by blocking or disabling files and access.

In lock mode:

Most message attachments are blocked – Apple has recognized the files as an emerging attack vector on mobile devices. In lockdown mode, downloading of most types of message attachments (other than images) is completely blocked. Other features, such as link previews, are also disabled.

Complex web technologies are disabled – Some complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled in lockdown mode.

Incoming invitations and service requests are blocked – Apple blocks incoming invitations and service requests, including FaceTime calls, from unknown sources.

Wired connections to a computer or accessory are blocked – When iPhone is locked, it doesn’t support wired connections.

Configuration profiles cannot be installed – MDM/UEM integration is blocked

Some features may change by the scheduled release date, but obviously these protections will make Apple devices more secure.

Check Point Harmony Mobile improves security for high-risk users

While Check Point and Apple agree on the importance of mobile security, their approach to protection is different.

The new Lockdown mode is a solution to a very specific problem with state-level attacks. It covers a range of severe attack scenarios, but does not address common attacks such as phishing, botnets, or man-in-the-middle. Even attacks that target high-level users, such as spear phishing and whaling, are not among the scenarios covered by lockdown mode.

Check Point Harmony Mobile is an MTD solution that protects iOS and Android devices across all attack vectors: files, network, application and operating systems. It provides protection against zero-day phishing attacks, blocks malicious file downloads, detects malicious iOS profiles, and provides malware protections, secure DNS, and more.

It allows security administrators to monitor the security status of devices and can be integrated with all UEM and MDM solutions.

High-risk iOS users should combine both security measures to provide extended protection for their devices and organization. But what about non-critical users?

Check Point Harmony Mobile for non-critical users

While enabling Lockdown Mode undoubtedly provides greater security, it will also limit the usability of the device. Lock mode disables some rudimentary functionality on the mobile device. The user will not be able to receive FaceTime calls from an unknown number, download a file attachment to a message, and some web features may not work. Lockdown mode can also pose a challenge to the organization, as administrators cannot install MDM or UEM on a device in lockdown mode.

If a user is targeted by highly sophisticated state-level digital threats, such as mercenary spyware, these limitations are a price to pay for a more secure mobile device. However, a majority of users are not included in these scenarios. For them, Check Point Harmony Mobile enables full use of iOS devices, including web browsing, sending and receiving files, full FaceTime functionality and more, without compromising their security. This allows users to stay connected and maintain productivity and functionality while protecting you, your device, and your organization.

A great example of this approach is the Harmony Mobile File Protection feature. Like Apple, Check Point has recognized that files are an emerging attack vector on mobile devices. For this reason, Check Point Harmony Mobile recently released a new File Protection feature that protects the device against malicious files.

Check Point Harmony Mobile File Download Prevention scans downloaded files for malicious intent. Once found, the download is completely blocked and the malicious file never reaches the device. For Android devices, storage scanning is available to protect against downloaded files. This ensures that the mobile device remains safe from threats without affecting user productivity.

Check Point Harmony Mobile uses ThreatCloud, the intelligence tool with the best capture rate in the industry to analyze these files. ThreatCloud combines the latest artificial intelligence technology with big data threat intelligence, plus threat intelligence collected and analyzed by Check Point’s elite research team to block files, malicious web content and Moreover.

Check Point Harmony Mobile is the first mobile threat solution among the industry’s leading vendors to prevent malicious files from being downloaded to mobile devices

What should you do to protect your mobile device?

High-risk users should consider using both lockdown mode and the Check Point Harmony Mobile solution to cover all possible attack vectors.

For the majority of users, Check Point Harmony Mobile offers the ultimate balance between comprehensive protection and zero impact on productivity.

By Manish Alshi, Head of Growth Channels and Technologies – India and SAARC, Check Point Software Technologies


Comments are closed.