Researchers have discovered a way to subvert "Lockdown Mode," Apple's most stringent security protection for iOS.
The company first introduced Lockdown Mode last year, after a marked increase in nation-state-developed, zero-click exploits for iPhones. The new feature was designed to protect particularly vulnerable users — for example, activists and journalists in the crosshairs of dictatorships — by shutting off or otherwise significantly reducing features of the device that hackers love best.
In practice, however, this mode turns on a small number of identifiable functions, only some of which are newly protected within the device's kernel. As a result, on Dec. 5, analysts from Jamf Threat Labs were able to demonstrate how to subvert Lockdown Mode, delivering a like-for-like user experience while still allowing cyberattacks to persist underneath the surface.
"The important thing to remember is that lockdown mode is not malware prevention," explains Michael Covington, vice president of portfolio strategy at Jamf. "It's not a malware detection tool. It's not something that can block malware that's already installed. And it can't limit the efficacy of malware, and it doesn't stop data exfiltration or communication with command and control."