FBI unable to extract data from iPhone 13 in Lockdown Mode in high profile case [pdf]
k310
1 hour ago
About Lockdown Mode [0]

> Lockdown Mode helps protect devices against extremely rare and highly sophisticated cyber attacks.

> What is Lockdown Mode?

> Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature.

> When Lockdown Mode is enabled, your device won’t function like it typically does. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.

> Lockdown Mode is available in iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later. Additional protections are available starting in iOS 17, iPadOS 17, watchOS 10, and macOS Sonoma.

Details at the link. [0]

It sure doesn't sound like much of a lockdown to me.

[0] https://support.apple.com/en-us/105120

armadyl
1 hour ago
The things that Lockdown Mode disables actually massively reduce attack surface at the expense of user experience.

For example, Graphite, the spyware used by Paragon, gets stopped in its tracks by Lockdown Mode as it disables link previews in iMessage (probably one of the more vulnerable apps due to its system privileges alongside Safari, I believe), which can prevent zero-click attacks: https://citizenlab.ca/research/first-forensic-confirmation-o....

The NSO Group’s Pegasus and BlastPass spyware are also stopped with Lockdown Mode (in Pegasus’ case, zero-click exploits at minimum are thwarted).

Lockdown Mode’s USB protection is also effective at stopping Cellebrite, although its means of protection isn’t as comprehensive as GrapheneOS’s USB-blocking feature.

It also disables (among other things) Safari’s JIT compiler/V8 and WebAssembly which are some of the biggest attack vectors for web-based malware.

I noted it in the Apple Platform Security thread, but I would also like to see Lockdown Mode have full synchronous, across-the-board MTE, which would be a big feature, but I understand that this can introduce a severe performance regression.

k310
47 minutes ago
I can see how the USB lock would stop Cellebrite, and perhaps that's all that CART had available, but I didn't see the other features as meaningful to a device with physical access.

Those features are definitely useful for internet-based attacks.

armadyl
1 hour ago
"New court record from the FBI details the state of the devices seized from Washington Post reporter Hannah Natanson"

This is a high-profile espionage case related to a leak of TOP SECRET documents, therefore probably all possible tech was used to gain access to the devices.

Page 5:

In the upstairs of the house, investigators located a powered-off silver MacBook Pro with a black case, an Apple iPhone 13, a Handy branded audio recording device, and a Seagate portable hard drive. See id. ¶ 26. Investigators seized these devices. The iPhone was found powered on and charging, and its display noted that the phone was in “Lockdown” mode

Page 6:

The Computer Analysis Response Team (CART) began processing each device to preserve the information therein. The Handy recorder and the Seagate portable drive have been processed, but no review has occurred. See id. ¶ 37. Because the iPhone was in Lockdown mode, CART could not extract that device. See id. ¶ 35. Similarly, the personal MacBook Pro could not be imaged yet. See id. ¶ 36. The Garmin watch was not processed before this Court’s Standstill Order, and no further processing will occur until further order of the Court. See id. ¶ 37

Source: https://storage.courtlistener.com/recap/gov.uscourts.vaed.58...

---

The above was from /u/treasoro on reddit: https://www.reddit.com/r/privacy/comments/1qsmy8g/fbi_was_no...

bediger4000
1 hour ago
I was wondering how this sort of thing would play out, now that the oligarch's preferred autocrat is in office.
armadyl
1 hour ago
Honestly I wouldn’t put it past officials in the current environment to just (attempt to) hold someone in jail indefinitely until they decide to comply and give up their passwords.