Lockdown Mode is a new Apple feature you should hope you never use. But for those who do, such as journalists, politicians, lawyers and human rights defenders, it’s a last line of defense against nation-state spyware designed to breach an iPhone’s protection.
The new security feature was announced earlier this year as an “extreme” level of protection against spyware creators who have increasingly found ways to hack iPhones remotely without user intervention. These so-called zero-click attacks are invisible and exploit weaknesses in key iPhone functions, such as calling, messaging, and browsing the web. Apple fixes vulnerabilities as soon as they are discovered, often by security researchers who find traces of spyware on victims’ phones. But it’s an ongoing chase between Apple and the spyware makers that have targeted thousands of journalists, activists and human rights defenders in recent years.
What is Lockdown Mode?
With Lockdown Mode, Apple gives users the ability to temporarily disable (and later re-enable) some of the most abused device features at the touch of a button, making it much harder for spyware to break through and transfer your private phone data. Or, as Apple puts it, “significantly reduce the attack surface that could potentially be exploited by highly targeted rental spyware.”
londonbusinessblog.com tried out Lockdown Mode with an iPhone running Apple’s public beta version of iOS 16, which includes the new mode. Lockdown Mode takes effect after some disclaimers and a restart of the device, and can be turned off again via the Settings menu.
While the mode limits what you can do and who can contact you (that’s the trade-off for having a much more secure iPhone), we didn’t find using our iPhone in Lockdown Mode as prohibitive or frustrating as we thought it would be when the feature was first announced.
The idea is to cut off as many routes as possible into your iPhone, iPad, or Mac from the Internet without unduly degrading the usability of the device. That means blocking contact from people you don’t know so that only people you know can call or message you. As the saying goes, your mileage may vary: your experience may differ based on your needs.
One of the first things you’ll notice is that Lockdown Mode disables link previews in text messages, which have been shown to compromise a person’s anonymity by revealing their IP address. The mode doesn’t block the link, just the preview, so you can still copy and paste the web address into your browser. That adds a moment of inconvenience for the user, but makes it much harder for attackers to break in where they once succeeded.
Lockdown Mode also changes how the Safari browser works, disabling certain features, which can affect some websites or break others completely. You may find that some web pages that rely on more complex web technologies, such as web-based fonts and just-in-time compilers that help websites load faster, do not display correctly or at all.
Safari displays “Lockdown Mode” when the feature is enabled. You can see that londonbusinessblog.com loads pretty well; the browser falls back on built-in fonts if it can’t download them from the web, which changes the look of the page slightly. You can still set certain sites as “trusted” in Lockdown Mode, which allows you to bypass restrictions on sites that you know are safe.
Before and after
Where features are no longer available, such as shared photos, which seem to vanish mysteriously from your phone in Lockdown Mode, your device generally does a good job of alerting the user when the feature is proactively activated.
You will see that when Lockdown Mode is in effect, you will not be able to receive FaceTime calls from contacts you have never interacted with before. That is designed to protect against zero-click attacks that exploit weaknesses in FaceTime and iMessage, which are known to be used by spyware makers such as NSO Group and Candiru. You also cannot open attachments, such as documents or files, as they may contain malicious code that could endanger your device. You will not receive Apple service invitations, such as calendars and notes, from people you have not interacted with before while Lockdown Mode is enabled, and you cannot install new configuration profiles to join new work or school networks, as these can be misused by bad actors to remotely control a person’s device.
Most of the features that are blocked or restricted make it harder for attackers or spyware creators to hack into an iPhone remotely over the Internet or cellular network, but Lockdown Mode also blocks wired connections to your device, preventing anyone with physical access to your phone or computer from downloading its contents using phone-cracking technology.
Lockdown Mode may be a tacit admission that Apple can’t protect against every spyware maker or malware threat, just as no company can. But it is a sign that Apple is addressing the matter directly, rather than denying that it exists. Lockdown Mode will be available in iOS 16 and macOS Ventura later this year.