The FBI admits its inability to access a secured iPhone belonging to Washington Post journalist Hannah Natanson.
For those curious about the robustness of Apple’s Lockdown Mode, the Federal Bureau of Investigation (FBI) has provided clarity — a positive development for journalists, corporate executives, civic figures, and anyone entrusted with sensitive information.
Amidst an active inquiry into purported disclosures of classified data to news outlets, the FBI executed a contentious search of Washington Post journalist Hannah Natanson’s residence, confiscating her electronic gear, notably an iPhone.
During the raid, the iPhone was protected by Lockdown Mode. The FBI submitted the device to its Computer Analysis Response Team (CART), which was unable to retrieve its contents because Lockdown Mode was active. This is likely because the mode, when active, blocks wired connections between the iPhone and external devices, a method frequently employed by US law enforcement to circumvent security protocols.
This serves as a prime illustration of an Apple feature performing precisely as designed.
Sophisticated Cyberattacks Are Widespread
“Lockdown Mode offers an optional, enhanced level of security tailored for a select group of individuals who, owing to their identity or profession, could become direct targets of the most advanced digital threats,” states Apple.
It’s well-established that ‘surveillance-as-a-service’ companies are actively targeting individuals matching Natanson’s profile, alongside business and political figures, activists, and celebrities. As recently as last December, Apple was compelled to issue alerts to users in 84 countries regarding potential targeting by such attacks. To date, warnings have been issued to individuals across 150 nations.
Consider a police raid on a journalist outside the United States, and the utility of Lockdown Mode becomes significantly clearer. This feature empowers journalists and other prominent individuals to utilize their secured devices with greater confidence in their professional activities.
While the journalist was compelled to unlock her Touch ID-enabled MacBook by investigators — a common power police have over biometrically secured devices — Natanson withheld the passcode for her personal laptop, which lacks biometric protection, thereby keeping it inaccessible to authorities.
Understanding Lockdown Mode: Features and Functionality
Unveiled in 2022, Lockdown Mode presented a dual advantage: it significantly enhanced device security while simultaneously elevating the cost and complexity involved in developing sophisticated attacks. Apple characterizes this safeguard as “substantially narrowing the potential attack vectors that could be exploited by highly focused mercenary spyware.”
Activated through the Privacy & Security section within iPhone Settings, Lockdown Mode necessitates certain trade-offs in device functionality in return for its superior protective capabilities.
When enabled, those compromises include:
- Except for images, most types of message attachments are disabled.
- Previews for links are inactive.
- Biometric authentication methods are suspended.
- Advanced web functionalities, like just-in-time (JIT) JavaScript compilation, are turned off.
- Unless the user has initiated prior contact, incoming invitations and service requests, including FaceTime calls, are automatically blocked.
- Connections via wire to computers or accessories are prevented.
- Installation of configuration profiles is prohibited.
- The device is unable to enroll in mobile device management (MDM) systems.
These restrictions are implemented at the operating system’s kernel and sandboxing layers, which makes them exceptionally resistant to circumvention and makes Lockdown Mode a formidable obstacle for attackers.
The full extent of this resilience remains unknown, and it’s unclear if the FBI, in this specific instance, possessed more advanced tools to breach Natanson’s phone. Nevertheless, we now have definitive confirmation that Lockdown Mode is capable of providing the level of security essential for high-profile targets.
At a minimum, such protection could afford targets crucial time should governmental bodies or other adversaries seek access to sensitive sources. For individuals identified as high-value targets, it is prudent to activate this safeguard during vulnerable situations like travel, critical negotiations, or upon receiving a threat alert. Employing lengthy and intricate alphanumeric passwords is also advisable.
Is it universally applicable?
“Although most users will not encounter highly specialized cyberattacks, we are committed to relentlessly safeguarding the select few who might,” stated Ivan Krstić, Apple’s head of Security Engineering and Architecture, upon the feature’s introduction four years prior.
It is generally acknowledged that Apple’s platforms possess inherent security. However, Apple further enhances this with supplementary optional security functionalities, such as Advanced Data Protection for encrypting device backups and Wallet Passes, and a feature known as Inactivity Reboot, which compels devices to restart after a period of inactivity, thereby requiring a password for subsequent access.
Furthermore, Apple incentivizes security researchers with bounties for successfully bypassing Lockdown Mode and consistently rolls out security updates across all its platforms.
The company evidently recognizes that in the digital realm, collective security is paramount. This principle holds true despite persistent conflicts between digital privacy and law enforcement agendas, especially in nations with extensive surveillance, like the UK.
