Turns out Apple’s vaunted Lockdown Mode for iPhones has a pretty big Achilles heel. The feature, introduced in iOS 16 as an extra layer of defense for high-risk groups like journalists and activists, can supposedly be bypassed by hackers.
According to researchers at Jamf Threat Labs, Lockdown Mode doesn’t actually detect malware or prevent it from operating in the background. So if your phone is already compromised, flipping on Lockdown Mode won’t save you.
Hackers can create a convincing fake Lockdown Mode interface to trick users into thinking their phone is secure, all while malware runs freely behind the scenes.
“By duping users into believing their device is functioning normally and that extra protections are active, hackers make it far less likely for shady background activity to be noticed,” said Jamf’s Michael Covington.
One example of abuse would be altering Safari’s Lockdown Mode behavior to re-enable PDF viewing, which is usually blocked.
“We did not think such a widely touted security capability would have its user interface separated from the implementation reality,” Covington added.
Still, Lockdown Mode isn’t totally useless. In September 2022, researchers found the anti-surveillance feature successfully halted BLASTPASS, an exploit chain used to install the Pegasus spyware.
But the fact that convincing fake versions can apparently be created underscores Lockdown Mode’s limitations. It seems that, while the concept is sound, clever hackers can still find ways to bypass it if your phone is already infected.
So bottom line – don’t view Lockdown Mode as guaranteed protection against advanced persistent threats. When up against skilled, determined adversaries, no single iPhone security tool is a silver bullet. Defense in layers remains the soundest approach.