As a paranoid journalist, I am an avid user of lockdown mode, Apple's opt-in “Extreme Protection” feature.
Apple launched lockdown mode in 2022, and since then the security feature has been viewed as essential for opposition figures in corrupt countries, human rights advocates under oppressive administrations, and journalists who speak truth to power.
Lockdown mode is designed to turn off some features on iPhone, iPad and Mac, and is intended to reduce the likelihood that hackers armed with sophisticated spyware or zero-days, unknown flaws in the system that attackers can secretly exploit, succeed in compromising Apple's operating systems and spying on their users.
In practice, lockdown mode removes normal Apple device features, such as fonts loaded from the internet, the ability to receive certain types of files, location data from photos you share, support for 2G cellular connections, and the ability of people you have not contacted before to reach you on FaceTime. It is unclear whether the latter applies (more on that later).
In exchange for these annoyances, lockdown mode makes a device difficult to hack, even for some of the most advanced hackers.
Lockdown mode already has a proven track record of blocking these advanced attacks. Apple says it is not aware of any successful hack against users who have enabled lockdown mode, and the digital rights group Citizen Lab has documented attempted spyware attacks that were blocked by lockdown mode. I personally have heard some people in the offensive security industry complain about how lockdown mode makes their exploits even more difficult.
However, three years after its debut, the very mechanism of lockdown mode is shrouded in obscurity, and there is no explanation of what actions lockdown mode takes. Also, some of the lockdown mode notifications are totally confusing, unexplained, or seemingly random, which can discourage some users from using lockdown mode entirely.
I've been blocked, why?
Let me preface this by saying that anyone at risk from government hackers should use lockdown mode, even considering the associated restrictions.
These limitations are not the issue. It is the lockdown mode notifications that are becoming increasingly inexplicable.
Case in point: The other day I received this lockdown mode notification (below) out of nowhere, mentioning by name someone I hadn't talked to for several months, and from whom I had not received a message or call. Following this notification, when I asked if she had tried to contact me, she said no, she hadn't.
Someone told me that one of their friends, while scrolling through their contacts, saw a “blocked lockdown mode…” notification that showed his name.
But why?
For months I've been receiving the same notification telling me that lockdown mode has blocked someone from “contacting” me, each time through iMessage.
These notifications often pop up when I'm already messaging that person in iMessage. It is unknown whether this stops messages from being received.
Hell, maybe this means I'm being hacked or at least targeted? Do I need to check my phone every time I get any of these notifications?
As you can see, I can continue chatting with the very people lockdown mode claims to have blocked. These people are literally contacting me and I'm chatting with them. What is lockdown mode actually doing here?
Have you seen a strange lockdown mode notification? Or are you doing security research on lockdown mode? From a non-work device and network, you can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.
Tap the lockdown mode notification and you'll see nothing. You are not redirected to an Apple website explaining what lockdown mode is, and nothing explains the meaning of these notifications.
“I don't think these messages are useful,” Runa Sandvik, a hacker with startups that help journalists and other high-risk people protect themselves, told TechCrunch. “I'd like to see Apple share more information and know that they're going to 'do' them, or show them at all.”
Sandvik and I are not alone in being confused whenever we see a lockdown mode notification. When I wrote about my concerns about lockdown mode on social media, several people told me, publicly and privately, that they had had similar experiences and were confused.
For example, my editor Zack Whittaker has been notified of “unknown contacts trying to share controls on Apple Music,” and has sporadically received notifications that “focus sharing has been blocked” and that it will not be shared with others during lockdown (I get this notification from time to time, too).
I'm going to the lab
I decided to experiment with the help of Harlo Holmes, Chief Information Security Officer and Director of Digital Security at the Freedom of the Press Foundation, a nonprofit that supports the free press. With lockdown mode enabled on my phone, I wondered whether it would make a difference if the person trying to reach me was in my contacts, and what lockdown mode would block.
We both removed each other from our contact lists (we are still friends), and started chatting for the first time on iMessage. When Holmes texted me, with neither of us on the other's contact list, I got a “Lockdown Mode Block…” notification. This time it displayed her phone number. I still received her message.
We exchanged text, emojis, cat photos and “stickers.” All of these went through except for the stickers, which were replaced with either a Unicode question mark character or an unexplained file attachment that could not be opened by tapping it.
When this happened, Holmes and I could each still see the stickers we had sent from our own phones. In other words, the blocking was only visible to the recipient. This also applies to the “Lockdown Mode Block…” notifications. I got the notification, but Holmes didn't know I got it.
This makes sense, because Apple doesn't want to alert government hackers not only that their attempt to hack someone went wrong, but also that the targeted individual was warned that something went wrong.
That's good to know, and again, I'm happy lockdown mode blocks anything and makes me safer, but I still don't know what these notifications are supposed to tell me.
I asked Apple for some explanations, but Apple's spokesperson did not provide on-the-record comment by press time. At least I know that lockdown mode didn't block my message, because the spokesperson acknowledged receiving it.