Lockdown Mode, Apple’s setting to block hacking attempts, could do more harm than good

Aimed particularly at star users (dignitaries, journalists, businessmen, etc.), Lockdown Mode should be the emergency solution for blocking attacks initiated by professional hackers and state actors with virtually unlimited resources. Unfortunately, checking this setting can be easily detected, further attracting the attention of attackers who may not have found their target yet.

Apple’s initiative is aimed in particular at the Pegasus software, developed by an Israeli company and made available to anyone willing to pay the asking price. Customers include many of the world’s authoritarian governments, as well as the governments of more reputable countries (e.g. the USA), which have ordered the software to “study” it so as not to fall too far behind the latest security trends. Of course, the list is also swelled by other organisations and companies with deep pockets, eager to use Pegasus software to undermine their adversaries.

Predictably, US authorities have rushed to include Pegasus developers on the so-called blacklist of companies banned from any business dealings with other US companies. Also sued by Apple, the Israeli developers are barely managing to run their business, with the company already going through a CEO change and staff layoffs.

Admitting that it faces a formidable adversary, Apple has addressed the Pegasus threat by introducing a barricade setting, which once checked restricts some basic device functions, with the aim of closing any remaining loopholes for potential cyber attacks.

Called Lockdown Mode, the setting blocks automatic generation and display of previews for incoming links and receipt of Face Time invitations from unknown contacts. It also disables certain web technologies that are at high risk of being exploited in cyber attacks, even though the measure could result in certain sites being displayed incorrectly and partially losing their functionality. At the same time, connections to fixed networks that are easy to locate and attack (e.g. LANs) are completely closed on Apple PCs and laptops, while imposing much stricter rules for mobile data connections, avoiding as far as possible the compromise of devices with spyware applications.

Another pain point is the popular software installed on phones, Lockdown Mode severely limiting their functionality as well. According to Apple, the new security option should only be checked in extreme cases, when the user believes they could be targeted by sophisticated cyber attacks.

Apple adds, “When iPhone is in Lockdown mode, it won’t work as it normally does. Apps, websites and features will be strictly limited for security, and some experiences will be completely unavailable.

The problem is that enforcing such severe limitations is very easily detectable to hacker groups who know exactly what to target, simply accessing a website or an error triggered upon initiating a certain connection time to users’ devices can accurately isolate iPhones with Lockdown, among thousands of other phones used without this restriction. That’s how a dissident who has taken every measure to go unnoticed can be identified from the crowd, for example when visiting a foreign country. The danger is all the greater in a country like China, where mass surveillance technologies are virtually ubiquitous.

The bad news is that there’s little Apple can do to avoid luring users into this trap, with Lockdown Mode restrictions aimed at shutting down not-so-easy security exploits that can’t be fixed with simple security updates. As such, Apple’s proposed solution for emergencies may be riskier than the problem itself, with users having to choose between the danger of falling prey to opportunistic hackers and turning their phone into a beacon, announcing their intentions to avoid detection from a great distance.