Apple says no one using Lockdown Mode has been hacked by spyware

Nearly four years after introducing a security feature called Lockdown Mode, Apple says it has yet to see a case where someone’s device was stolen and the security feature was turned on.

“We are not aware of any successful spyware exploits on an Apple device that has Lockdown Mode,” Apple spokeswoman Sarah O’Rourke told TechCrunch on Friday.

It’s the latest technical confirmation that Apple devices with Lockdown Mode can withstand government spyware attacks, after all. first explanation A year after the security feature made its debut.

Apple in 2022 announced Lockdown Modea series of security features that disable certain features in iPhones and other Apple devices that are often used for hacking and spyware. Apple specifically released this security solution to help vulnerable customers protect themselves from threats caused by government spying software developed by companies like. Intellexa, The NSO teamand Paragon Solutions.

In recent years, Apple has acknowledged that its customers are vulnerable to spyware and has been proactive in notifying customers of its targets.

Apple has it he sent many teams about information to users in more than 150 countries, warning them that they may have been hacked by spyware, which shows how visible the company is to these types of threats. Apple hasn’t said how many users they’ve notified, but it’s safe to assume there have been many, if not more.

Donncha Ó Cearbhaill, head of Amnesty International’s security laboratory, which has researched espionage data, said he and his colleagues “did not see any evidence that the iPhone was successfully compromised by spyware installed when Lockdown Mode was activated during the attack.”

Digital rights organizations such as Amnesty International and the University of Toronto’s Citizen Lab have documented several attacks on iPhone users, none of which mention Lockdown Mode. At least two casesCitizen Lab researchers have publicly reported that they have seen Lockdown Mode prevent spyware attacks, one was done by NSO’s Pegasusthe other and Predator Spywaremade by the company now part of Intellexa.

In one written case of spyware attacks to target iPhonessecurity researchers at Google he said Spyware can stop trying to infect the victim if it detects Lockdown Mode, perhaps as a way to avoid detection.

Patrick Wardle, an Apple cybersecurity expert and critic, says Lockdown Mode is an important feature that makes it harder for spyware developers to attack Apple users.

“I think it’s safe to say, Lockdown Mode is one of the most difficult consumer-facing things that has ever been deployed,” he told TechCrunch.

Wardle explained that by “shrinking the attack surface,” Lockdown Mode removes many of the methods used to exploit the iPhone, forcing spyware developers to use more complex and expensive methods to develop.

“It kills all methods of providing / using classes,” he added, “as it blocks many types of communication, it blocks the WebKit interface. This is the biggest limitation that can be found remotely, especially for zero-click operating systems,” referring to hacks that can target people on the Internet without interacting with the victim.

It is possible that Lockdown Mode was bypassed, and neither Apple nor independent researchers have done this. But since Apple is usually tight-fisted in public at the best of times, its latest statement shows an important role in Lockdown Mode.

I’ve been using Lockdown Mode for years, and I never thought about it – unless it is obvious which can sometimes be confusing. Some disabled features require you to do some extra work, such as copying and pasting links in text messages into your browser. This is why I, along with several digital security experts, encourage anyone who is concerned about being targeted by spyware or digital tools to turn on Lockdown Mode.