As a paranoid journalist, I’m an enthusiastic consumer of Apple’s opt-in “excessive safety” function, Lockdown Mode.
Apple launched Lockdown Mode in 2022, and since then the safety function is taken into account a must-use for dissidents in corrupt international locations, human-rights defenders in oppressive regimes, and journalists talking reality to energy.
Lockdown Mode is designed to change off some options in iPhones, iPads, and Macs, with the purpose of decreasing the probability that hackers armed with subtle spy ware or zero-days — unknown flaws in programs that enable attackers to stealthily exploit them — can efficiently break Apple’s working system protections and spy on its customers.
In follow, Lockdown Made removes some regular Apple machine options, resembling fonts loaded from the web that may observe you, the power to obtain sure kinds of information, your location knowledge from photographs that you just share, assist for 2G mobile connectivity, and letting individuals who haven’t contacted you earlier than attain you over FaceTime and iMessage; though it’s unclear if the latter is the case (extra on that later).
In change for these nuisances, Lockdown Mode makes it more durable so that you can get hacked, even by a few of the most superior hackers on the market.
Lockdown Mode already has a observe document of blocking these superior assaults. Apple says it isn’t conscious of any profitable hack in opposition to its customers who’ve enabled Lockdown Mode, and digital rights group Citizen Lab have documented an tried spy ware assault blocked by Lockdown Mode. I, too, have personally heard some individuals within the offensive safety trade complain about Lockdown Mode making their exploits tougher.
However three years after its debut, precisely how Lockdown Mode works remains to be shrouded in obscurity, and lacks explanations into the reasoning behind what actions Lockdown Mode takes. And, a few of Lockdown Mode’s notifications are downright complicated, unexplained, or seemingly random, which could discourage some customers from utilizing Lockdown Mode altogether.
Blocked, however why?
Let me preface this by saying that people who find themselves in danger from authorities hackers should use Lockdown Mode, even contemplating the restrictions that include it.
These restrictions aren’t the issue. Lockdown Mode’s notifications have turn out to be more and more puzzling.
Living proof: The opposite day, I acquired this Lockdown Mode notification (beneath) out of nowhere, mentioning somebody by identify who I haven’t talked to in months, and from whom I didn’t obtain a message or a name afterwards. Following this notification, once I requested if she tried to contact me, she mentioned that no, she didn’t.
Somebody additionally advised me that as they had been scrolling by means of their contacts, considered one of their mates noticed a “Lockdown Mode blocked…” notification together with his identify on, suggesting Lockdown Mode might be triggered just by viewing somebody’s contact.
However…why?
For months I’ve been getting the identical notification telling me that Lockdown Mode blocked somebody “from contacting” me, each time I exploit iMessage, and it at all times mentions somebody I do know, and who’s already in my contacts.
These notifications usually pop up when I’m already messaging that particular person on iMessage, which makes it unclear if I’m going to cease getting their messages, or worse, that a few of their messages have already disappeared because of Lockdown Mode.
Hell, perhaps this implies I get hacked, or not less than focused? Ought to I get my cellphone checked each time I get considered one of these notifications?
It seems I can nonetheless maintain chatting with the very people who Lockdown Mode claims to have blocked. These individuals are fairly actually contacting me, and I’m chatting with them. What’s Lockdown Mode truly doing right here?
Contact Us
Have you ever seen any unusual Lockdown Mode notifications? Or do you do safety analysis on Lockdown Mode? From a non-work machine and community, you’ll be able to contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, or by way of Telegram and Keybase @lorenzofb, or e-mail. You can also contact TechCrunch by way of SecureDrop.
Tapping on Lockdown Mode notifications does nothing. You aren’t redirected to an Apple web site that explains what Lockdown Mode is or does, nor does it clarify what these notifications particularly imply.
“I don’t assume these messages are useful. They don’t embody any context and aren’t actionable, neither is there a method to determine what’s happening,” Runa Sandvik, a hacker who has a startup that helps journalists and different excessive threat individuals shield themselves, advised TechCrunch. “I’d like to see Apple both share extra data in order that we all know what to ‘do’ with them, or not show them in any respect.”
Sandvik and I aren’t the one ones left scratching our chins each time we see Lockdown Mode notifications. Once I wrote about my considerations about Lockdown Mode on social media, several people responded publicly — and in personal — saying they’ve had comparable experiences, and are additionally confused.
My editor Zack Whittaker, for instance, has for months been sporadically getting Lockdown Mode notifications saying “an unknown contact tried to share management of Apple Music,” in addition to a notification that Lockdown Mode “blocked Focus Sharing,” and gained’t be shared with different individuals when in Lockdown” (I additionally get this notification now and again.)
To the lab we go
I made a decision to run an experiment with the assistance of Harlo Holmes, chief data safety officer and the director of digital safety at Freedom of the Press Basis, a non-profit that helps assist the free press. I questioned if it made any distinction — by way of triggering the complicated notifications — whether or not somebody not in my contacts tried to succeed in out to me with Lockdown Mode enabled on my cellphone, and what sort of content material it might block.
We each deleted one another from our contact lists (we’re nonetheless mates although), and began chatting for the primary time ever on iMessage. When Holmes texted me — and neither of us had been in every others’ contact lists — I acquired the “Lockdown Mode blocked…” notification, this time displaying her cellphone quantity. I nonetheless acquired her message.
We exchanged textual content, emojis, a cat image, and iMessage “stickers.” All of those went by means of, apart from the stickers, which turned to both a Unicode character of a query mark, or a nondescript file attachment, which might’t be opened, even in case you faucet on it:
When this occurred, each Holmes and I might nonetheless see the stickers we despatched from our personal telephones, which means the blocking was solely seen to the recipient. That can be the case for the “Lockdown Mode blocked…” notification. I acquired the notification, however Holmes didn’t know I acquired it.
This is sensible, as Apple wouldn’t need to tip-off authorities hackers that their try to hack somebody not solely didn’t work, but in addition alerted the focused person that one thing went flawed.
That’s good to know, and once more, I’m completely satisfied Lockdown Mode blocks one thing, and makes me safer, however I nonetheless don’t know what these notifications are supposed to inform me.
I reached out to Apple asking them for some explanations, however an Apple spokesperson didn’t present on the document remarks by press time. A minimum of the spokesperson acknowledged receiving my message, so I do know Lockdown Mode didn’t block it.