Security News Apple 'Lockdown Mode' Bypass Subverts Key iPhone Security Feature


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
Researchers have discovered a way to subvert "Lockdown Mode," Apple's most stringent security protection for iOS.

The company first introduced Lockdown Mode last year, after a marked increase in nation-state-developed, zero-click exploits for iPhones. The new feature was designed to protect particularly vulnerable users — for example, activists and journalists in the crosshairs of dictatorships — by shutting off or otherwise significantly reducing features of the device that hackers love best.

In practice, however, this mode turns on a small number of identifiable functions, only some of which are newly protected within the device's kernel. As a result, on Dec. 5, analysts from Jamf Threat Labs were able to demonstrate how to subvert Lockdown Mode, delivering a like-for-like user experience while still allowing cyberattacks to persist underneath the surface.

"The important thing to remember is that lockdown mode is not malware prevention," explains Michael Covington, vice president of portfolio strategy at Jamf. "It's not a malware detection tool. It's not something that can block malware that's already installed. And it can't limit the efficacy of malware, and it doesn't stop data exfiltration or communication with command and control."

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.