Nearly four years after launching a security feature called Lockdown Mode, Apple says it has yet to see a case where someone’s device was hacked with these additional security protections enabled.
“We are not aware of any successful mercenary spyware attacks against an Apple device with lock mode enabled,” Apple spokesperson Sarah O’Rourke told TechCrunch on Friday.
It’s the tech giant’s latest claim that Apple devices with Lockdown Mode can resist government spyware attacks, after first making the claim a year after the safety feature debuted.
Apple announced lockdown mode in 2022a series of optional security protections that disable certain features on iPhones and other Apple devices that are commonly exploited to hack targets with spyware. Apple specifically launched this security mode to help at-risk customers defend themselves against threats posed by government spyware created by companies like Intelexa, OSN Groupand Paragon Solutions.
In recent years, Apple has admitted that its customers can be hacked by spyware and has been more proactive in notifying customers that they have been attacked.
Apple has sent numerous lots either notifications to users in more than 150 countries, alerting them that they may have been hacked with spyware, demonstrating how much visibility the company now has over these types of attacks. Apple has never said how many users it has notified, but it’s likely to assume there have been dozens, if not more.
Donncha Ó Cearbhaill, head of Amnesty International’s security lab, where he has investigated dozens of spyware attacks, said he and his colleagues “have not seen any evidence that an iPhone has been successfully compromised by mercenary spyware when lock mode was enabled at the time of the attack.”
Digital rights organizations such as Amnesty International and the University of Toronto’s Citizen Lab have documented several successful attacks on iPhone users, none of which have mentioned bypassing lock mode. At least two casesCitizen Lab researchers said publicly that they had seen blocking mode actively block spyware attacks. one made with NSO’s Pegasusthe other with predatory spywaremade by a company now part of Intellexa.
In at least one documented case of a spyware attack targeting iPhonesGoogle security researchers saying The spyware would stop trying to infect the victim if it detected the blocking mode, probably as a way to evade detection.
Apple cybersecurity expert and critic Patrick Wardle says Lockdown Mode is an important feature that makes it harder for spyware makers to target Apple users.
“I think it’s safe to say that Lockdown Mode is one of the most aggressive consumer protection features ever shipped,” he told TechCrunch.
Contact us
Do you have more information about spyware attacks or spyware manufacturers? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.
Wardle explained that by “reducing the attack surface,” Lockdown mode eliminates many techniques normally used to exploit the iPhone and forces spyware manufacturers to use more complex and expensive techniques for their development.
“It eliminates entire delivery mechanisms/exploit classes,” he added, “as it blocks most types of message attachments and restricts WebKit functionality. This is truly a huge reduction in the remotely accessible attack surface, especially for zero-click exploit chains,” referring to hacks that can target people over the Internet without any interaction from the victim.
Lockdown mode may have been bypassed and neither Apple nor independent researchers detected the attack. But given that Apple tends to remain publicly tight-lipped at the best of times, its latest statement marks an important milestone for lockdown mode.
I’ve used lockdown mode for years and barely think about it. except when notifications appear That can sometimes be confusing. Some features that have been disabled require you to take an extra step, such as copying and pasting text message links into your browser. That’s why I and several digital security experts recommend anyone who is worried about being the target of spyware or digital attacks to turn on lockdown mode.
