Last year, Apple launched a special new protection for at-risk users — such as journalists and activists — called Lockdown Mode, designed to limit some regular iPhone, iPad, Mac and Watch features with the goal of minimizing the possibility of a successful cyberattack.
A year later, Apple said it is not aware of any successful hack against someone using Lockdown Mode.
The comment was made by a senior Apple engineer on a call with reporters on Wednesday in response to a question by TechCrunch. The call was held on the condition that reporters cannot name or quote the employee directly.
When someone enables Lockdown Mode, some Apple apps and services work differently. For example, most attachments and link previews are blocked on iMessage, FaceTime calls from unknown contacts are filtered, location information is removed from shared pictures and certain fonts on websites are prevented from loading.
Do you have information about targeted attacks? Or about any mercenary spyware vendors like NSO or Cytrox? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email firstname.lastname@example.org. You also can contact TechCrunch via SecureDrop.
These changes can make using your iPhone a bit more cumbersome; for example, the feature can make some websites unreadable or harder to navigate, though you can exclude certain apps or websites from Lockdown Mode without switching off the feature completely. The upside is that by removing these features, it's more difficult to exploit certain vulnerabilities and successfully hack an iPhone or Mac user.
In April, researchers revealed the first known case where Lockdown Mode blocked an attempted hack against a human rights defender, carried out with the Pegasus spyware made by the government surveillance vendor NSO Group. That cyberattack, which used a zero-day — meaning a vulnerability that wasn’t known to Apple at the time it was exploited — was reported by the digital rights research group Citizen Lab, and Apple confirmed that Lockdown Mode had blocked the attack.
“The fact that Lockdown Mode seems to have thwarted, and even notified targets of a real-world zero-click attack shows that it is a powerful mitigation, and is a cause for great optimism,” Bill Marczak, a senior researcher at Citizen Lab and one of the authors of the report, told TechCrunch in April, when the first documented case of Lockdown Mode blocking an intrusion was reported.
In September, Citizen Lab and Apple reported that Lockdown Mode prevented another attack, this time launched against former Egyptian member of parliament Ahmed Eltantawy using spyware known as Predator, which is made by Cytrox, another government surveillance tech provider.
“Lockdown Mode is the best defense we have today against Pegasus and Predator,” Runa Sandvik, a digital security expert and founder of Granitt, a company that helps journalists, activists, politicians, lawyers, refugees and human rights defenders protect themselves online, wrote in a recent blog post.