Unbreakable? Apple Claims No One Using Lockdown Mode Has Been Hacked with Spyware

Apple has stated that it is not aware of any successful spyware attacks against Apple devices with Lockdown Mode enabled. This claim comes almost four years after the launch of this security feature. Apple spokesperson Sarah O'Rourke confirmed to TechCrunch that no successful attacks have been detected. This announcement reinforces Apple's stance on the robustness of its devices against government spyware threats.

Lockdown Mode was announced in 2022 as a series of optional security protections that turn off certain features on iPhones and other Apple devices. This feature was designed to defend at-risk customers from government spyware threats, developed by companies like Intellexa, NSO Group, and Paragon Solutions. Apple has acknowledged that its customers can be hacked with spyware and has notified affected users in over 150 countries.

Organizations like Amnesty International and Citizen Lab at the University of Toronto have documented successful attacks on iPhone users. However, none of these cases have involved bypassing Lockdown Mode. In at least two cases, Citizen Lab researchers have publicly confirmed that Lockdown Mode actively blocked spyware attacks, one with NSO's Pegasus and another with Intellexa's Predator. Google researchers have observed that spyware will back off if it detects Lockdown Mode.

Patrick Wardle, an Apple cybersecurity expert, believes that Lockdown Mode makes spyware attacks more difficult. Wardle highlights that Lockdown Mode shrinks the attack surface, eliminating many exploitation techniques and forcing spyware creators to use more complex and expensive techniques. It blocks most message attachment types and restricts WebKit features, significantly reducing the remotely reachable attack surface, especially for one-click exploit chains.

Although it is possible that Lockdown Mode has been bypassed undetected, Apple's statement marks a significant milestone. Lockdown Mode may require extra steps for certain functions, such as copying and pasting links. Digital security experts recommend activating Lockdown Mode for those concerned about being targeted by spyware or digital attacks.