Apple's iPhone Lockdown Mode: A proof-of-concept website can tell whether your phone has it enabled.
iPhone Lockdown Mode was announced by Apple to help people facing serious targeted threats to their digital security. Apple calls this extreme but optional protection for a small number of users, including journalists, politicians and human rights activists, who find themselves in the crosshairs of state-sponsored spying programs like Pegasus, developed by the Israel-based NSO Group. However, it looks like a simple proof of concept website can determine if you have enabled the mode and potentially make you a target.
According to a report from Motherboard, a proof-of-concept website developed by John Ozbay, a privacy activist and CEO of privacy-focused company Cryptee, can instantly detect whether or not you are using lockdown mode on your iPhone.
Apple developed the feature to add a new layer of protection after at least two Israeli companies exploited vulnerabilities in Apple's software to remotely break into iPhones without requiring the target to click or tap anything. NSO Group's Pegasus software can carry out such attacks by injecting malware and accessing private user data. Once lockdown mode is activated, the device will no longer function as usual. Apps, websites and functions are severely restricted for security reasons, and some functions are then no longer available at all.
"Let us say you are in China and you are using lockdown mode. Now any website you visit could detect that you are using lockdown mode, because they also have your IP address. So they are able to detect that the user with that IP address is using lockdown mode. It's a tradeoff between security and privacy. [Apple] has chosen security," Ozbay is quoted as saying. Ozbay says that among the various features that lockdown mode disables, the lack of loading custom fonts is "the easiest to detect and exploit."
"It took us five minutes to put the code together and see if that worked," he told Motherboard. The privacy advocate also says the issue is not technically a bug, but a specific drawback of the lockdown mode design that may be impossible to work around. He says there is only one way Apple can mitigate this problem, and that is by fundamentally changing the way Lockdown Mode works.
Apple claims that Lockdown Mode in iOS 16, iPadOS 16 and macOS Ventura further tightens device defenses and strictly limits certain features. iOS 16 is likely to be released next month and iPadOS could launch in October.