Beautiful Virgin Islands

Thursday, Oct 30, 2025

We can make our phones harder to hack but complete security is a pipe dream

We can make our phones harder to hack but complete security is a pipe dream

Even the latest iPhone scare won’t persuade us to choose safety over convenience
Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices.

It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.

Lockdown is effectively an alternative operating system mode. To turn it on, go to settings, choose it and restart your device. When you do, you find yourself with a rather different iPhone. Browsing the web is clunkier, for example, because Lockdown blocks many of the speed and efficiency tricks that Safari uses to render web pages. Some complex but widely used web technologies, like so-called just-in-time JavaScript compilation, which allow websites to run programs inside your browser, are disabled unless you specifically exclude a website from restriction. Still, more people might be persuaded to plump for greater security after vulnerabilities were revealed on Apple devices.

Lockdown also limits all kinds of incoming invitations and requests (for example, from FaceTime) unless you have specifically asked for them. In messages, the phone won’t show link previews and will block all attachments with the exception of a few standard image formats. Nor will it allow access to anything physically plugged into it. And so on.

The result of engaging Lockdown is that you have an iPhone that is more secure but less convenient to use. And, in a way, that is the most significant thing about Apple’s decision. As the security guru Bruce Schneier puts it: “It’s common to trade security off for usability and the results of that are all over Apple’s operating systems – and everywhere else on the internet. What they’re doing with Lockdown Mode is the reverse: they’re trading usability for security. The result is a user experience with fewer features, but a much smaller attack surface. And they aren’t just removing random features; they’re removing features that are common attack vectors.”

Ever since people started to worry about computer safety, the issue has been framed as striking a balance between security and convenience. Up to now, convenience has been winning hands down. Take passwords. Everyone knows that long, complex passwords are more secure than simple ones, but they’re also hard to remember. So, being human, we don’t use them: in 2021, the five most commonly used passwords were: 123456, 123456789, 12345, qwerty and password.

In the era of mainframe computers and standalone PCs, this kind of laxity didn’t matter too much. But as the world became networked, the consequences of carelessness have become more worrying. Why? Because there is no such thing as a completely secure networked device and we have been adding such devices to the so-called Internet of Things (IoT) on a maniacal scale. There are something like 13bn at the moment; by 2030, the tech industry thinks there might be 30bn.

The conventional adjective for these gizmos is “smart”. They can be “hi-tech” items such as smart speakers, fitness trackers and security cameras, but also standard household things such as fridges, lightbulbs and plugs, doorbells, thermostats and so on. From a marketing point of view, their USPs are flexibility, utility and responsiveness – in other words, convenience.

But smart is a euphemism that tactfully conceals the fact that they are tiny computers that are connected to the internet and can be remotely controlled from a smartphone or a computer. Some are made by reputable companies, but many are products of small outfits in China and elsewhere. They come with default usernames and passwords (such as “admin” and “password”) that buyers can change (but usually don’t). Because they’re networked, they are remotely accessible by their owners and, more importantly, by others. And there are billions of them out there in our homes, offices and factories.

Security researchers use the term “attack surface” to describe the number of possible points where an unauthorised user can access a system, extract data and/or inflict damage. The smaller the surface, the easier it is to protect. Unfortunately, the corollary also holds. In our Gadarene rush into the Internet of Things we are creating an attack surface of near-infinite dimensions.

The strange thing is that we already know what the consequences of this are like and yet seem unperturbed by them. In 2016, the security community was transfixed by a number of huge distributed denial-of-service attacks that caused outages, internet congestion and in one case overwhelmed the website of a prominent security guru.

Such attacks used to be conducted by botnets of thousands of infected PCs but the 2016 ones were carried out by a botnet that included perhaps half-a-million infected “smart” gizmos. The Mirai malware that assembled the botnet scoured the web for IoT devices protected by little more than factory-default usernames and passwords and then enlisted them in attacks that hurled junk traffic at an online target until it could no longer function.

Mirai is still around, so you might not be the only entity benefiting from those fancy new networked lightbulbs. The cost of convenience will be higher than we think. So upgrade those passwords.
#NSO 
Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
UK and Vietnam Sign Landmark Migration Deal to Fast-Track Returns of Irregular Arrivals
UK Drug-Pricing Overhaul Essential for Life-Sciences Ambition, Says GSK Chief
Princesses Beatrice and Eugenie Temporarily Leave the UK Amid Their Parents’ Royal Fallout
UK Weighs Early End to Oil and Gas Windfall Tax as Reeves Seeks Investment Commitments
UK Retail Inflation Slows as Shop Prices Fall for First Time Since Spring
Next Raises Full-Year Profit Guidance After Strong Third-Quarter Performance
Reform UK’s Lee Anderson Admits to 'Gaming' Benefits System While Advocating Crackdown
United States and South Korea Conclude Major Trade Accord Worth $350 Billion
Hurricane Melissa Strikes Cuba After Devastating Jamaica With Record Winds
Vice President Vance to Headline Turning Point USA Campus Event at Ole Miss
U.S. Targets Maritime Narco-Routes While Border Pressure to Mexico Remains Limited
Bill Gates at 70: “I Have a Real Fear of Artificial Intelligence – and Also Regret”
Elon Musk Unveils Grokipedia: An AI-Driven Alternative to Wikipedia
Saudi Arabia Unveils Vision for First-Ever "Sky Stadium" Suspended Over Desert Floor
Amazon Announces 14 000 Corporate Job Cuts as AI Investment Accelerates
UK Shop Prices Fall for First Time Since March, Food Leads the Decline
London Stock Exchange Group ADR (LNSTY) Earns Zacks Rank #1 Upgrade on Rising Earnings Outlook
Soap legend Tony Adams, long-time star of Crossroads, dies at 84
Rachel Reeves Signals Tax Increases Ahead of November Budget Amid £20-50 Billion Fiscal Gap
NatWest Past Gains of 314% Spotlight Opportunity — But Some Key Risks Remain
UK Launches ‘Golden Age’ of Nuclear with £38 Billion Sizewell C Approval
UK Announces £1.08 Billion Budget for Offshore Wind Auction to Boost 2030 Capacity
UK Seeks Steel Alliance with EU and US to Counter China’s Over-Capacity
UK Struggles to Balance China as Both Strategic Threat and Valued Trading Partner
Argentina’s Markets Surge as Milei’s Party Secures Major Win
British Journalist Sami Hamdi Detained by U.S. Authorities After Visa Revocation Amid Israel-Gaza Commentary
King Charles Unveils UK’s First LGBT+ Armed Forces Memorial at National Memorial Arboretum
At ninety-two and re-elected: Paul Biya secures eighth term in Cameroon amid unrest
Racist Incidents Against UK Nurses Surge by 55%
UK Chancellor Rachel Reeves Cites Shared Concerns With Trump Administration as Foundation for Early US-UK Trade Deal
Essentra plc: A Closer Look at a UK ‘Penny Stock’ Opportunity Amid Market Weakness
U.S. and China Near Deal to Avert Rare-Earth Export Controls Ahead of Trump-Xi Summit
Justin time: Justin Herbert Shields Madison Beer with Impressive Reflex at Lakers Game
Russia’s President Putin Declares Burevestnik Nuclear Cruise Missile Ready for Deployment
Giuffre’s Memoir Alleges Maxwell Claimed Sexual Act with Clooney
House Republicans Move to Strip NYC Mayoral Front-Runner Zohran Mamdani of U.S. Citizenship
Record-High Spoiled Ballots Signal Voter Discontent in Ireland’s 2025 Presidential Election
Philippines’ Taal Volcano Erupts Overnight with 2.4 km Ash Plume
Albania’s Virtual AI 'Minister' Diella Set to 'Birth' Eighty-Three Digital Assistants for MPs
Tesla Unveils Vision for Optimus V3 as ‘Biggest Product of All Time’, Including Surgical Capabilities
Francis Ford Coppola Auctions Luxury Watches After Self-Financed Film Flop
Convicted Sex Offender Mistakenly Freed by UK Prison Service Arrested in London
United States and China Begin Constructive Trade Negotiations Ahead of Trump–Xi Summit
U.S. Treasury Sanctions Colombia’s President Gustavo Petro over Drug-Trafficking Allegations
Miss USA Crowns Nebraska’s Audrey Eckert Amid Leadership Overhaul
‘I Am Not Done’: Kamala Harris Signals Possible 2028 White House Run
NBA Faces Integrity Crisis After Mass Arrests in Gambling Scandal
Swift Heist at the Louvre Sees Eight French Crown Jewels Stolen in Under Seven Minutes
U.S. Halts Trade Talks with Canada After Ontario Ad Using Reagan Voice Triggers Diplomatic Fallout
Microsoft AI CEO: ‘We’re making an AI that you can trust your kids to use’ — but can Microsoft rebuild its own trust before fixing the industry’s?
×