This crafty iPhone attack makes you think your phone is safe…until it’s hacked

Lockdown Mode is useful for a couple of things, but not to protect against malware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Lockdown Mode, an iPhone feature introduced with iOS 16, is not an antivirus, does not detect malware, and cannot prevent malware from operating.

Therefore, hackers can create a fake Lockdown Mode and runmalwareoperating in the background unabated, areportfrom Jamf Threat Labs has noted.

“Apple’s Lockdown mode in iOS 16 is a useful feature for certain situations, but if your phone has already been compromised, Lockdown Mode won’t protect you,” the researchers claim. Threat actors can run a Fake Lockdown Mode “which shows that if a hacker has already infiltrated your device, they can cause Lockdown Mode to be “bypassed” when you trigger its activation.”

Making PDFs work

Lockdown Mode was introduced last year with the goal of bringing an extra layer of protection for high-level targets. Think journalists, dissidents, government employees, intellectuals, but also celebrities and similar. It is easy to turn on and makes some features on theendpointunavailable, and some files blocked.

“By tricking the user into believing that their device is operating normally and that additional security features can be activated, the user is far less likely to suspect any malicious activity is taking place behind the scenes,” Michael Covington, vice president of portfolio strategy at Jamf, toldThe Hacker News.

“We did not expect that such a widely publicized security feature would have the user interface separated from the implementation reality.”

One of the ways hackers could abuse this flaw is by changing how Lockdown Mode works inSafariand allowing it to view PDF files (which are unavailable when the feature is active).

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

But Lockdown Mode is not completely useless, the researchers stress. In September this year, CitizenLab discovered that BLASTPASS - a chain of exploits used to deliver the Pegasus malware - was effectively stopped on iOS devices thanks to Lockdown Mode.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

VIPRE Security Group says its new endpoint protection tools can stamp out even the latest cybersecurity threats