Apple’s Lockdown Mode, a feature launched last year to protect iPhone users from sophisticated spyware, has successfully thwarted an attack by the notorious NSO Group, according to cybersecurity and human rights research group Citizen Lab.
The group released a report analyzing three new zero-day exploits in iOS 15 and iOS 16, which were used to target at least two Mexican human rights defenders. Lockdown Mode, designed to reduce the iPhone’s attack surface, blocked one of the three exploits. The other two were used to successfully hack the iPhones.
This marks the first documented case where Lockdown Mode has successfully protected someone from a targeted attack. The researchers noted that while NSO’s exploit developers may have figured out a way to correct the notification issue, such as by fingerprinting Lockdown Mode, this case shows that Lockdown Mode can be effective.
Lockdown Mode has been praised by cybersecurity experts, but some have raised concerns that attackers may simply move away from exploiting Apple apps and target third-party apps instead. Furthermore, it remains to be seen how many people will choose to turn on Lockdown Mode.
An Apple spokesperson said that Lockdown Mode disrupted this sophisticated attack and alerted users immediately, even before the specific threat was known to Apple and security researchers. The spokesperson added that Apple’s security teams will continue to work tirelessly to advance Lockdown Mode and strengthen the security and privacy protections in iOS.
The NSO Group, which sells its spyware exclusively to government customers, has been repeatedly criticized for enabling governments to target journalists, human rights defenders, and opposition politicians. Pegasus, the company’s spyware, can remotely obtain a phone’s location, messages, photos and virtually anything the phone’s legitimate owner can access. Citizen Lab’s report identified three different exploits by analyzing several phones that were suspected to have been hacked with NSO’s spyware.