As a paranoid journalist, I’m an enthusiastic person of Apple’s opt-in “excessive safety” characteristic, Lockdown Mode.
Apple launched Lockdown Mode in 2022, and since then the security characteristic is taken into account a must-use for dissidents in corrupt international locations, human-rights defenders in oppressive regimes, and journalists talking fact to energy.
Lockdown Mode is designed to change off some options in iPhones, iPads, and Macs, with the purpose of lowering the probability that hackers armed with subtle spyware and adware or zero-days — unknown flaws in methods that enable attackers to stealthily exploit them — can efficiently break Apple’s working system protections and spy on its customers.
In observe, Lockdown Mode removes some regular Apple system options, similar to fonts loaded from the web that may observe you, the flexibility to obtain sure sorts of information, your location information from photographs that you just share, help for 2G mobile connectivity, and letting individuals who haven’t contacted you earlier than attain you over FaceTime and iMessage; though it’s unclear if the latter is the case (extra on that later).
In alternate for these nuisances, Lockdown Mode makes it more durable so that you can get hacked, even by among the most superior hackers on the market.
Lockdown Mode already has a observe file of blocking these superior assaults. Apple says it isn’t conscious of any profitable hack towards its customers who’ve enabled Lockdown Mode, and digital rights group Citizen Lab has documented an tried spyware and adware assault blocked by Lockdown Mode. I, too, have personally heard some individuals within the offensive security business complain about Lockdown Mode making their exploits harder.
However three years after its debut, precisely how Lockdown Mode works continues to be shrouded in obscurity and lacks explanations into the reasoning behind what actions Lockdown Mode takes. And, a few of Lockdown Mode’s notifications are downright complicated, unexplained, or seemingly random, which could discourage some customers from utilizing it altogether.
Blocked, however why?
Let me preface this by saying that people who find themselves in danger from authorities hackers should use Lockdown Mode, even contemplating the restrictions that include it.
These restrictions aren’t the issue. Lockdown Mode’s notifications have grow to be more and more puzzling.
Living proof: The opposite day, I obtained this Lockdown Mode notification (beneath) out of nowhere, mentioning somebody by identify who I haven’t talked to in months, and from whom I didn’t obtain a message or a name afterwards. Following this notification, once I requested if she tried to contact me, she stated that no, she didn’t.
Somebody additionally advised me that as they had been scrolling via their contacts, one in every of their associates noticed a “Lockdown Mode blocked…” notification along with his identify on, suggesting Lockdown Mode may be triggered just by viewing somebody’s contact.
However…why?
For months I’ve been getting the identical notification telling me that Lockdown Mode blocked somebody “from contacting” me, each time I exploit iMessage, and it at all times mentions somebody I do know, and who’s already in my contacts.
These notifications typically pop up when I’m already messaging that particular person on iMessage, which makes it unclear if I’m going to cease getting their messages, or worse, that a few of their messages have already disappeared because of Lockdown Mode.
Hell, possibly this implies I get hacked, or at the least focused? Ought to I get my telephone checked each time I get one in every of these notifications?
It seems I can nonetheless preserve chatting with the very those who Lockdown Mode claims to have blocked. These individuals are fairly actually contacting me, and I’m chatting with them. What’s Lockdown Mode truly doing right here?
Contact Us
Have you ever seen any unusual Lockdown Mode notifications? Or do you do security analysis on Lockdown Mode? From a non-work system and community, you may contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or through Telegram and Keybase @lorenzofb, or e-mail. You can also contact information.killnetswitch through SecureDrop.
Tapping on Lockdown Mode notifications does nothing. You aren’t redirected to an Apple web site that explains what Lockdown Mode is or does, nor does it clarify what these notifications particularly imply.
“I don’t assume these messages are useful. They don’t embody any context and aren’t actionable, neither is there a approach to determine what’s occurring,” Runa Sandvik, a hacker who has a startup that helps journalists and different excessive threat individuals defend themselves, advised information.killnetswitch. “I’d like to see Apple both share extra info in order that we all know what to ‘do’ with them, or not show them in any respect.”
Sandvik and I aren’t the one ones left scratching our chins each time we see Lockdown Mode notifications. Once I wrote about my considerations about Lockdown Mode on social media, a number of individuals responded publicly — and in non-public — saying they’ve had comparable experiences, and are additionally confused.
My editor Zack Whittaker, for instance, has for months been sporadically getting Lockdown Mode notifications saying “an unknown contact tried to share management of Apple Music,” in addition to a notification that Lockdown Mode “blocked Focus Sharing,” and gained’t be shared with different individuals when in Lockdown” (I additionally get this notification occasionally.)
To the lab we go
I made a decision to run an experiment with the assistance of Harlo Holmes, chief info security officer and the director of digital security at Freedom of the Press Basis, a non-profit that helps help the free press. I puzzled if it made any distinction — when it comes to triggering the complicated notifications — whether or not somebody not in my contacts tried to succeed in out to me with Lockdown Mode enabled on my telephone, and what kind of content material it could block.
We each deleted one another from our contact lists (we’re nonetheless associates although), and began chatting for the primary time ever on iMessage. When Holmes texted me — and neither of us had been in every others’ contact lists — I obtained the “Lockdown Mode blocked…” notification, this time displaying her telephone quantity. I nonetheless obtained her message.
We exchanged textual content, emojis, a cat image, and iMessage “stickers.” All of those went via, apart from the stickers, which turned to both a Unicode character of a query mark, or a nondescript file attachment, which may’t be opened, even for those who faucet on it:
When this occurred, each Holmes and I might nonetheless see the stickers we despatched from our personal telephones, that means the blocking was solely seen to the recipient. That can also be the case for the “Lockdown Mode blocked…” notification. I obtained the notification, however Holmes didn’t know I obtained it.
This is sensible, as Apple wouldn’t need to tip-off authorities hackers that their try and hack somebody not solely didn’t work, but additionally alerted the focused person who one thing went flawed.
That’s good to know, and once more, I’m joyful Lockdown Mode blocks one thing, and makes me safer, however I nonetheless don’t know what these notifications are supposed to inform me.
I reached out to Apple asking them for some explanations, however an Apple spokesperson didn’t present on the file remarks by press time. At the very least the spokesperson acknowledged receiving my message, so I do know Lockdown Mode didn’t block it.
