Comment by k310

Comment by k310 20 hours ago

About Lockdown Mode [0]

> Lockdown Mode helps protect devices against extremely rare and highly sophisticated cyber attacks.

> What is Lockdown Mode?

> Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature.

> When Lockdown Mode is enabled, your device won’t function like it typically does. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.

> Lockdown Mode is available in iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later. Additional protections are available starting in iOS 17, iPadOS 17, watchOS 10, and macOS Sonoma.

Details at the link. [0]

It sure doesn't sound like much of a lockdown to me.

[0] https://support.apple.com/en-us/105120

armadyl 20 hours ago

The things that Lockdown Mode disables actually massively reduce attack surface at the expense of user experience.

For example, Graphite, the spyware used by Paragon, gets stopped in its tracks by Lockdown Mode as it disables link previews in iMessage (probably one of the more vulnerable apps due to its system privileges alongside Safari I believe) which can prevent zero-click attacks: https://citizenlab.ca/research/first-forensic-confirmation-o....

The NSO Group’s Pegasus and BlastPass spyware are also stopped with Lockdown Mode (in Pegasus’ case, zero-click exploits at minimum are thwarted).

Lockdown Mode’s USB protection is also effective at stopping Cellebrite, although its means of protection isn’t as comprehensive as GrapheneOS’s USB-blocking feature.

It also disables (among other things) Safari’s JIT compiler/V8 and WebAssembly which are some of the biggest attack vectors for web-based malware.

I noted it in the Apple Platform Security thread, but I would like to also see Lockdown Mode have full synchronous, across-the-board MTE, which would be a big feature, but I understand that this can introduce a severe performance regression.

  • k310 20 hours ago

    I can see how the USB lock would stop Cellebrite, and perhaps that's all that CART had available, but I didn't see the other features as meaningful to a device with physical access.

    Those features are definitely useful for internet-based attacks.