Last year Apple launched a new “extreme” Lockdown Mode as part of iOS 16, designed to protect against cyberattacks and other digital threats. But if you’ve ever wondered how effective the feature actually is, security researchers have some very good news for you.
Cybersecurity and human rights research group Citizen Labs have been analyzing Lockdown Mode’s effectiveness against three zero-day exploits from iOS 15 and iOS 16. At least one of those exploits was blocked by Lockdown Mode, and the first documented case of the feature protecting someone from a targeted cyber attack.
Citizen Labs identified three zero-day exploits on phones suspected to have been hacked by Pegasus spyware — which was developed by Israeli cyber intelligence firm NSO Group. Pegasus is some pretty devastating software, sold exclusively to governments, with the ability to access all the data and files available to the phone's owner — and is often used to target journalists, human rights activists and opposition politicians.
Those exploits have been PWNYOURHOME, FINDMYPWN and LATENTIMAGE. PWNYOURHOME is a two-step exploit targeting HomeKit, followed by iMessage, while FINDMYPWN goes after Find My and iMessage. Less is known about LATENTIMAGE, since Citizen Labs only found traces of the exploit, but it may also have involved Apple’s Find My feature.
All three exploits are zero-click, meaning they require no interaction from the user, and were released throughout 2022. Citizen Labs has also made Apple aware of the exploits, and at least one has already been patched via iOS 16 security updates. Which is a good reminder to keep your phone updated, and ensure maximum protection against any sort of cyber attack.
According to Citizen Labs’ report, iOS 16’s Lockdown Mode offered up real-time warnings when the PWNYOURHOME exploit was attempted against a device. The report also notes that Citizen Labs hasn’t seen the exploit used successfully against a device with Lockdown Mode enabled — but notes that NSO may have found a workaround that stops the appearance of those warnings.
That goes to show that Lockdown Mode does work, even against exploits that Apple previously had no knowledge of. Bill Marczak, a senior researcher at Citizen Lab, told TechCrunch that “The fact that Lockdown Mode seems to have thwarted, and even notified targets of a real-world zero-click attack shows that it is a powerful mitigation, and is a cause for great optimism.”
However, Marczak did note that the nature of Lockdown Mode as an optional feature could still cause issues. “As with any optional feature, the devil is always in the details”, he said. “How many people will opt to turn on Lockdown Mode? Will attackers simply move away from exploiting Apple apps and target third-party apps, which are harder for Lockdown Mode to secure?”