Shocking Discovery: iOS Lockdown Mode Faked, Users Unprotected Against Malware Threats!

Shocking Discovery: iOS Lockdown Mode Faked, Users Unprotected Against Malware Threats!
(Image: Justin Sullivan/Getty Images)

Researchers from Jamf Threat Labs have exposed a manipulation technique that can fake the lockdown mode on iOS, misleading users into a false sense of security. If a target device is already infected with malware, this technique can deceive the user through visual alterations, making it seem like the lockdown mode is active when it’s actually not.

The lockdown mode, also known as the Block Mode, is a specific security feature introduced in September 2022 aimed at safeguarding Apple devices from potential cyberattacks. Indeed, it has reportedly thwarted several attacks.

“To reduce the potential attack surface that highly specialized illegal spyware could exploit, certain apps, websites, and features are significantly restricted for security reasons, and some functions may not be available,” Apple explains in its support section regarding this feature.

Lockdown mode doesn’t protect against installed malware

However, Jamf researchers caution that while the lockdown mode reduces the attack surface, it cannot prevent the execution of malware on an already compromised device. The function is effective only in reducing the number of entry points available to an attacker before an attack occurs.

If malware is already present on an iPhone, it can introduce a code to create a fake lockdown mode. When a user activates the lockdown mode on such a device, they may see the usual visual cues indicating that the function is active. Yet, in reality, there is no configuration change happening to protect against attacks.

No iOS vulnerability

The researchers have shared technical details in their report on how to implement such a fake lockdown mode. They demonstrate its effects in a short video clip: while the genuine Block Mode protects the user in the Safari browser by prompting an additional security check before downloading a potentially dangerous PDF file, the same file is downloaded immediately without any prompt in the fake lockdown mode.

The researchers emphasize that they did not exploit any iOS vulnerability; it’s solely a manipulation technique for already infiltrated devices. So far, there have been no reported instances of this technique being used for real attacks. The Jamf researchers previously presented a similar manipulation technique in August, then focused on iOS’s airplane mode.

Previous articleAMD vs. Intel: Sneaky CPU Naming Tricks Revealed – Buyer Beware!
Next articleRevolutionary iPhone Update Unveiled: Faster Wireless Charging with Magnets in iOS 17.2!
Carl Woodrow
A seasoned tech enthusiast and writer, Carl delves deep into emerging technologies, offering insightful analysis and reviews on the latest gadgets and trends.