Comment by armadyl
The things that Lockdown Mode disables actually massively reduce attack surface at the expense of user experience.
For example, Graphite, the spyware used by Paragon, gets stopped in its tracks by Lockdown Mode, as it disables link previews in iMessage (probably one of the more vulnerable apps due to its system privileges, alongside Safari, I believe), which can prevent zero-click attacks: https://citizenlab.ca/research/first-forensic-confirmation-o....
The NSO Group's Pegasus and BlastPass spyware are also stopped by Lockdown Mode (in Pegasus' case, zero-click exploits at minimum are thwarted).
Lockdown Mode's USB protection is also effective at stopping Cellebrite, although its means of protection isn't as comprehensive as GrapheneOS's USB-blocking feature.
It also disables (among other things) Safari’s JIT compiler/V8 and WebAssembly which are some of the biggest attack vectors for web-based malware.
I noted it in the Apple Platform Security thread, but I would also like to see Lockdown Mode have fully synchronous MTE across the board, which would be a big feature, but I understand that this can introduce a severe performance regression.
I can see how the USB lock would stop Cellebrite, and perhaps that's all that CART had available, but I didn't see the other features as meaningful to a device with physical access.
Those features are definitely useful for internet-based attacks.