As a paranoid journalist, I’m an enthusiastic person of Apple’s opt-in “excessive safety” function, Lockdown Mode.
Apple launched Lockdown Mode in 2022, and since then the safety function is taken into account a must-use for dissidents in corrupt nations, human-rights defenders in oppressive regimes, and journalists talking fact to energy.
Lockdown Mode is designed to modify off some options in iPhones, iPads, and Macs, with the aim of decreasing the probability that hackers armed with refined spy ware or zero-days — unknown flaws in methods that permit attackers to stealthily exploit them — can efficiently break Apple’s working system protections and spy on its customers.
In observe, Lockdown Mode removes some regular Apple system options, resembling fonts loaded from the web that may monitor you, the power to obtain sure forms of information, your location information from pictures that you simply share, assist for 2G mobile connectivity, and letting individuals who haven’t contacted you earlier than attain you over FaceTime and iMessage; though it’s unclear if the latter is the case (extra on that later).
In change for these nuisances, Lockdown Mode makes it tougher so that you can get hacked, even by a few of the most superior hackers on the market.
Lockdown Mode already has a monitor report of blocking these superior assaults. Apple says it isn’t conscious of any profitable hack in opposition to its customers who’ve enabled Lockdown Mode, and digital rights group Citizen Lab has documented an tried spy ware assault blocked by Lockdown Mode. I, too, have personally heard some individuals within the offensive safety business complain about Lockdown Mode making their exploits harder.
But three years after its debut, precisely how Lockdown Mode works continues to be shrouded in obscurity and lacks explanations into the reasoning behind what actions Lockdown Mode takes. And, a few of Lockdown Mode’s notifications are downright complicated, unexplained, or seemingly random, which could discourage some customers from utilizing it altogether.
Blocked, however why?
Let me preface this by saying that people who find themselves in danger from authorities hackers should use Lockdown Mode, even contemplating the restrictions that include it.
Those restrictions should not the issue. Lockdown Mode’s notifications have turn out to be more and more puzzling.
Case in level: The different day, I acquired this Lockdown Mode notification (under) out of nowhere, mentioning somebody by title who I haven’t talked to in months, and from whom I didn’t obtain a message or a name afterwards. Following this notification, once I requested if she tried to contact me, she mentioned that no, she didn’t.
Someone additionally informed me that as they had been scrolling via their contacts, one in every of their buddies noticed a “Lockdown Mode blocked…” notification together with his title on, suggesting Lockdown Mode may be triggered just by viewing somebody’s contact.
But…why?
For months I’ve been getting the identical notification telling me that Lockdown Mode blocked somebody “from contacting” me, each time I take advantage of iMessage, and it all the time mentions somebody I do know, and who’s already in my contacts.
These notifications usually pop up when I’m already messaging that individual on iMessage, which makes it unclear if I’m going to cease getting their messages, or worse, that a few of their messages have already disappeared due to Lockdown Mode.
Hell, possibly this implies I get hacked, or a minimum of focused? Should I get my telephone checked each time I get one in every of these notifications?
It seems I can nonetheless maintain chatting with the very those who Lockdown Mode claims to have blocked. These persons are fairly actually contacting me, and I’m chatting with them. What is Lockdown Mode truly doing right here?
Contact Us
Have you seen any unusual Lockdown Mode notifications? Or do you do safety analysis on Lockdown Mode? From a non-work system and community, you may contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or through Telegram and Keybase @lorenzofb, or e mail. You can also contact TechCrunch through SecureDrop.
Tapping on Lockdown Mode notifications does nothing. You aren’t redirected to an Apple web site that explains what Lockdown Mode is or does, nor does it clarify what these notifications particularly imply.
“I don’t suppose these messages are useful. They don’t embody any context and should not actionable, neither is there a manner to determine what’s happening,” Runa Sandvik, a hacker who has a startup that helps journalists and different excessive threat individuals shield themselves, informed TechCrunch. “I’d like to see Apple both share extra info in order that we all know what to ‘do’ with them, or not show them in any respect.”
Sandvik and I should not the one ones left scratching our chins each time we see Lockdown Mode notifications. When I wrote about my issues about Lockdown Mode on social media, a number of individuals responded publicly — and in non-public — saying they’ve had related experiences, and are additionally confused.
My editor Zack Whittaker, for instance, has for months been sporadically getting Lockdown Mode notifications saying “an unknown contact tried to share management of Apple Music,” in addition to a notification that Lockdown Mode “blocked Focus Sharing,” and received’t be shared with different individuals when in Lockdown” (I additionally get this notification every now and then.)
To the lab we go
I made a decision to run an experiment with the assistance of Harlo Holmes, chief info safety officer and the director of digital safety at Freedom of the Press Foundation, a non-profit that helps assist the free press. I questioned if it made any distinction — by way of triggering the complicated notifications — whether or not somebody not in my contacts tried to succeed in out to me with Lockdown Mode enabled on my telephone, and what kind of content material it could block.
We each deleted one another from our contact lists (we’re nonetheless buddies although), and began chatting for the primary time ever on iMessage. When Holmes texted me — and neither of us had been in every others’ contact lists — I acquired the “Lockdown Mode blocked…” notification, this time displaying her telephone quantity. I nonetheless acquired her message.
We exchanged textual content, emojis, a cat image, and iMessage “stickers.” All of those went via, aside from the stickers, which turned to both a Unicode character of a query mark, or a nondescript file attachment, which may’t be opened, even in case you faucet on it:
When this occurred, each Holmes and I might nonetheless see the stickers we despatched from our personal telephones, that means the blocking was solely seen to the recipient. That can be the case for the “Lockdown Mode blocked…” notification. I acquired the notification, however Holmes didn’t know I acquired it.
This is smart, as Apple wouldn’t wish to tip-off authorities hackers that their try and hack somebody not solely didn’t work, but in addition alerted the focused person who one thing went incorrect.
That’s good to know, and once more, I’m completely satisfied Lockdown Mode blocks one thing, and makes me safer, however I nonetheless don’t know what these notifications are supposed to inform me.
I reached out to Apple asking them for some explanations, however an Apple spokesperson didn’t present on the report remarks by press time. At least the spokesperson acknowledged receiving my message, so I do know Lockdown Mode didn’t block it.
