Skip to main content

An iPhone just blocked one of the worst spyware attacks on the planet

Apple released an “extreme safety” measure bundled with iOS 16 last summer, and it’s targeted at sophisticated spyware that is usually deployed covertly against government agencies. It appears that Apple’s safety tool is effective, to a certain extent, against Pegasus — one of the most devastating surveillance attacks ever documented. 

Citizen Lab, the security group based at the University of Toronto’s Munk School of Global Affairs & Public Policy, has detailed a pair of zero-click exploits that targeted iOS 15 and iOS 16 devices last year. Labeled PWNYOURHOME and FINDMYPWN, these exploits were widely used by Pegasus-maker NSO Group against targets in Mexico and elsewhere.

Lockdown Mode information page on an iPhone 14 Pro.
Joe Maring/Digital Trends

The security lab notes that on iPhones with Lockdown Mode enabled, the target got real-time notifications if the Pegasus spyware tried to exploit the PWNYOURHOME vulnerability. NSO Group may have eventually devised a workaround against the alert system, but in general, there is no evidence that the aforementioned security flaw was abused on any device with Lockdown mode enabled.  

“Given that we have seen no indications that NSO has stopped deploying PWNYOURHOME, this suggests that NSO may have figured out a way to correct the notification issue, such as by fingerprinting Lockdown Mode,” Citizen Lab writes in its exhaustive report.

The security lab suggests that all at-risk users should enable Lockdown Mode to ensure that they don’t become the next targets of Pegasus-fueled illicit surveillance — or any such spyware that is virtually impossible to detect in the wild.

Example of an iPhone with Lockdown Mode blocking attacks from Pegasus spyware.
Example of Lockdown Mode blocking a Pegasus attack Citizen Lab

Apple says Lockdown Mode is aimed at “very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats.” As such, it trades security with your average smartphone functionalities. For example, it disables certain messages, blocks access to a bunch of websites, and blocks FaceTime calls from unknown contacts, among other connectivity restrictions. 

But as they say, you can never be too sure about your security. As far as Pegasus goes, it has been deployed against journalists, activists, high-ranking officials, and political figures all across the globe. And it’s the zero-click nature of this surveillance agent and how it covertly mines almost every kind of sensitive information — from calls logs and emails to storage content — that makes it a favorite of bad actors seated in positions of state power.

With proof that Lockdown Mode is effective at stopping the spyware, anyone even remotely concerned about being targeted by Pegasus (or similar attacks) should seriously consider enabling Lockdown Mode on their iPhone ASAP.

Editors' Recommendations

Nadeem Sarwar
Nadeem is a tech journalist who started reading about cool smartphone tech out of curiosity and soon started writing…
I reviewed 20 phones in 2023. These are my 5 favorites
A person taking a photo with the Apple iPhone 15 Plus.

This has been a fantastic year for smartphones due to the sheer variety of great devices at all prices. In other words, if you wanted a brilliant new phone this year, it didn’t have to be a $1,000-plus flagship.

I’ve used and reviewed a great many phones over the past 12 months, but the following five have left the biggest impression to become what I consider the very best you can get.
iPhone 15 Plus
Apple iPhone 15 Plus Andy Boxall / Digital Trends

Read more
Why RCS for the iPhone is Apple’s biggest announcement of 2023
A person holding the Apple iPhone 15 Plus.

Hell has frozen over. On November 16, 2023, Apple made the very unexpected announcement that it was bringing support for RCS on the iPhone in 2024.

In 2022, Tim Cook himself said that he’d rather sell you an iPhone instead of ever bringing RCS support to the iPhone because he thought customer demand for RCS wasn’t there. Google has made numerous attempts to shame Apple over its pushback of RCS over the years.

Read more
Does the Google Pixel Watch work with an iPhone?
A person wearing the Google Pixel Watch 2.

Google threw its hat into the smartwatch ring last year when it introduced the Google Pixel Watch, and now it's back for a much-needed encore with the Pixel Watch 2 — an updated version that proves how good an idea it is to wait for the second generation of a new tech product.

The Pixel Watch 2 improves upon its predecessor in nearly every way, with better battery life, a more comfortable design, and far smoother performance. It's enough for Google to make a mark among Wear OS smartwatches and give Samsung’s Galaxy Watch lineup a run for its money in a way that other challengers like the Moto 360 and Oppo Watch never could.

Read more