Last year, Apple released a special new protection for at-risk users – such as journalists and activists – called Lockdown Mode, designed to restrict certain normal iPhone, iPad, Mac and Watch functions to minimize the chance of a successful cyber attack.
A year later, Apple said it is not aware of any successful hacks against someone using the Lockdown feature.
The comment was made by a senior Apple engineer on a call with reporters on Wednesday in response to a question from TechCrunch. The call was made on the condition that reporters cannot name or quote the official directly.
When someone turns on the lock feature, some Apple apps and services they work differently. For example, most attachments and link previews are blocked in iMessage, FaceTime calls from unknown contacts are filtered, location information is removed from shared photos, and certain fonts are not allowed to load on websites.
Contact us
Do you have information about targeted attacks? Or any mercenary spyware vendors like NSO or Cytrox? We would love to hear from you. Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or email at lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.
These changes can make using your iPhone a little more cumbersome. for example, the feature may make some websites hard to read or harder to navigate, although you can exclude certain apps or websites from lock mode without disabling the feature entirely. On the plus side, by removing these features, it is more difficult to exploit certain vulnerabilities and successfully hack an iPhone or Mac user.
In April, researchers revealed the first known case where Lockdown Mode blocked a hacking attempt against a human rights defender, carried out with the Pegasus spyware made by government surveillance vendor NSO Group. This cyberattack, which used a zero-day — meaning a vulnerability that was not known to Apple at the time it was exploited — was reported by digital rights research group Citizen Lab, and Apple confirmed that its Lockdown feature had blocked the attack.
“The fact that Lockdown Mode appears to have prevented and even alerted targets of an actual zero-click attack shows that it is a powerful mitigation and is cause for great optimism,” said Bill Marczak, senior researcher at Citizen Lab. and one of the report’s authors, told TechCrunch in April, when the first documented case of a locking feature blocking an intrusion was reported.
In September, Citizen Lab and Apple reported that Lockdown Mode prevented another attack, this time against former Egyptian MP Ahmed Eltantawy using spyware known as Predator, which is made by Cytrox, another provider of government surveillance technology.
“Lockdown Mode is the best defense we have today against Pegasus and Predator,” said Runa Sandvik, cybersecurity expert and founder of Granitt, a company that helps journalists, activists, politicians, lawyers, refugees and human rights defenders to protect themselves online. he wrote in a recent blog post.
