Security News Apple 'Lockdown Mode' Bypass Subverts Key iPhone Security Feature

[silversurfer]

Content source

https://www.darkreading.com/endpoint-security/apple-lockdown-mode-bypass-subverts-iphone-strongest-security-feature

Researchers have discovered a way to subvert "Lockdown Mode," Apple's most stringent security protection for iOS.

The company first introduced Lockdown Mode last year, after a marked increase in nation-state-developed, zero-click exploits for iPhones. The new feature was designed to protect particularly vulnerable users — for example, activists and journalists in the crosshairs of dictatorships — by shutting off or otherwise significantly reducing features of the device that hackers love best.

In practice, however, this mode turns on a small number of identifiable functions, only some of which are newly protected within the device's kernel. As a result, on Dec. 5, analysts from Jamf Threat Labs were able to demonstrate how to subvert Lockdown Mode, delivering a like-for-like user experience while still allowing cyberattacks to persist underneath the surface.

"The important thing to remember is that lockdown mode is not malware prevention," explains Michael Covington, vice president of portfolio strategy at Jamf. "It's not a malware detection tool. It's not something that can block malware that's already installed. And it can't limit the efficacy of malware, and it doesn't stop data exfiltration or communication with command and control."

 

[upnorth]

Jamf Threat Labs: Fake Lockdown Mode proof of concept

JTL security researchers discover how Lockdown Mode on iOS can be manipulated by a threat actor on compromised or jailbroken iPhones to trick users into believing that their device is protected by Lockdown Mode when in reality when in fact, it's not.

www.jamf.com