I'm surprised they didn't introduce such a feature sooner. Let's face it, smartphones running on Android and iOS are pretty much defenceless when it comes to zero day attacks.
I'm not sure what that means. The point is that the security architecture of iOS and Android is better than in practically all desktop systems as all apps run in a sandbox without access to user data and system resources. Only the permissions requested by many apps undermine that principle - that's why every user should rigorously check which permissions are really needed after installing an app. That's particularly important on Android systems. And regarding zero-day attacks: no system is immune against them by definition. Vulnerabilities are always possible, e.g., in the kernel or the various drivers. In that respect Android users are discriminated against, as most devices get security updates only over a rather short period of time. That's why there are estimates that about 80% of all Android devices are not up-to-date. But this has nothing to do with the security architecture per se.
What I'm saying is that there are no third party anti-exploit tools on iOS and Android. So in case you're dealing with a zero day attack, it's game over. That's why Apple decided to implement this new Lockdown Mode thingy. The problem is that this will also limit the functionality, in contrast to anti-exploit tools on Windows. In general, anti-exploit tools on Windows try to block the exploit attack in several stages; if they can't block the exploitation technique itself, they can at least block malware from running, which in practice means they block malicious process spawning, even if AV is somehow bypassed.
How many average Joes use it on Windows? Furthermore, can its configuration be done by a user with intermediate skills on a touch screen during a 15-minute bus ride to work?
That's not the point, the point is that these tools are available on Windows, while they are not on macOS, iOS and Android. So whether people use them or not is a different story. Fact of the matter is that tools like MBAE, HMPA, OSArmor and Sandboxie will easily tackle exploits, without having to fully lock down the system and break functionality. Of course, the occasional false positive aside.
So for the average Joe, Android and iOS are better, because they don't configure and use anti-exploit tools anyway. I think that you are overrating the level of protection that, i.e., Sandboxie provides.
Yes, but this isn't about the average Joe, because they also won't be using the Lockdown Mode that often, after they find out that it breaks stuff. Fact of the matter is that the tools that I mentioned, including Sandboxie, will easily tackle most malware that runs after app exploitation. Why do you think that in hacking contests, they never protect the system with extra security tools? It would simply be too hard to bypass them all. And again, with Sandboxie, OSArmor and HMPA you don't have to break anything on the system.
VIPs also often have the skill level of the average Joe. Security contests are events sponsored by software companies to share and gain knowledge about software vulnerabilities. It would be interesting to see 3rd party security products in these contests. Unfortunately I never heard about the SurfRight or NoVirusThanks companies sponsoring this kind of event. No money, no sharing of exploits.
I'm not saying they can't bypass third party security tools, but it would raise the bar. Which is why they often simply try to terminate the AV and they often use Windows zero days to get privilege escalation, but I don't believe this is always enough to bypass ALL security tools on a system. Would indeed be cool if this type of stuff was demonstrated at hacking contests, because now it's mostly speculating.
Just trying this out, so far no usability issues. The only noticeable thing is that it blocks remote fonts in Safari, and many buttons on websites use remote fonts these days so you cannot see the proper icon on the buttons. Same as when you block remote fonts on your desktop web browser. It is also not as black and white as I thought, you can exclude apps and websites from lockdown mode if they're not working as desired.
Some more in depth details: https://www.sevarg.net/2022/07/20/ios16-lockdown-mode-browser-analysis/ I haven't noticed slowdown with Safari btw, I guess it depends on the websites you visit.
Cool to see that it actually works. https://techcrunch.com/2023/04/18/apple-lockdown-mode-iphone-nso-pegasus/
Also blocks the latest 0day: https://arstechnica.com/gadgets/202...-image-processing-vulnerability-in-ios-macos/
Cool, but why isn't anyone actually using this stuff? I read about quite a few people being hacked in targeted attacks, and apparently they didn't turn Lockdown Mode on, see link. So is it a case of this feature not being promoted enough, or perhaps it simply breaks too much? That's why I said that anti-exploit tools on Windows are much better. https://citizenlab.ca/2023/09/pegas...enko-exiled-russian-journalist-and-publisher/
Lockdown mode is improved for iOS 17: https://www.apple.com/newsroom/2023/06/apple-announces-powerful-new-privacy-and-security-features/ Apparently that also includes disabling fallback to insecure 2G: https://www.heise.de/news/iPhone-Lockdown-Modus-blockiert-kuenftig-2G-Verbindungen-9194247.html I guess not being promoted enough. And Apple's description isn't really inviting to turn it on.
Nothing tightens iPhone security more than the Lockdown mode, any other third party solution is useless and it won't work properly.
Some details from new Safari/Webkit 17: https://webkit.org/blog/14445/webkit-features-in-safari-17-0/ Comparison of Apple's description before and after iOS 17 release. They added (bold): https://support.apple.com/en-us/HT212650 Note that there is a separate button to turn on 2G support if you want. But it is only necessary when you only get good cell reception with 2G. Emergency calls can always fall back to 2G when necessary regardless of this setting.
I had tried it, and I think what is mentioned on https://support.apple.com/en-us/HT212650 regarding web surfing is probably the most irritating aspect for most users. Yes, you can exclude websites and apps from Lockdown Mode but this can become a bit cumbersome.
That's what I thought. The anti-exploit solutions on Windows work differently, they are focused on blocking malicious process spawning, without interfering with normal app behavior. Strange that they can't produce such a thing for Android and iOS, maybe because they are designed in a different way?
Lockdown Mode in iOS - A fantastic Internet crap reduction tool I came looking for copper, and I found gold. This be a review of the Lockdown Mode in iOS 16/17 on iPhone, focusing on intended purpose of security and additional unintended benefits as an Internet sanitization tool, activation, functionality, app and site exclusion, some other observations, and more. I came for security, I stayed because it reduces stupidity. Yup. Do read on. https://www.dedoimedo.com/computers/iphone-lockdown-mode.html Cheers, Mrk
You can set up NextDNS on your iPad/iPhone and say goodbye to persistent ads and a lot of unwanted crapware. By default, Apple doesn't allow you to install adblockers for any browser but Safari so this is an optimal solution. Change your DNS. Done.
Agreed. Besides, a system-wide blocker is needed to prevent countless apps accessing trackers. There is also Brave which comes with a built-in blocker. And in the future Apple is forced by the EU to allow browsers not based on WebKit.