Comments

Kurt Seifried July 8, 2022 10:41 AM

What I want is a lockdown-lite mode for kids and myself that prevents unknown callers/texts/imessages/etc. from getting through (aka spam). I wish all these push protocols had better controls/ways to change the default handling to be less intrusive.

Winter July 8, 2022 10:43 AM

Apple tells us:

The company is upfront—almost in your face—that Lockdown mode is an option that will degrade the user experience and is intended for only a small number of users.

I looked at that list and I would disable these services in a heartbeat if I could:

The full list of restrictions are:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

I want this lockdown, and I am a low-to-negative value target.

Ted July 8, 2022 12:02 PM

From Apple:

Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2,000,000 — the highest maximum bounty payout in the industry.

That’s a very serious commitment to this project. Yay.

I like that Dan Goodin starts to list the things that Lockdown mode does not block. I hope there is more awareness for users here too.

/dev/null July 8, 2022 12:36 PM

This doesn’t really feel like a solution to me. What you have is poorly designed and written software being “fixed” with what will undoubtedly turn out to be more poorly designed and written software.

I mean otherwise, what changed? It’s the same developers, architectures, techniques, with the same ideas built on the same platform. It’s not like they went back to the drawing board.

In other words, this doesn’t solve the fundamental problems that exist.

Peter July 8, 2022 12:49 PM

I’m surprised by seeing this being advertised as “groundbreaking security capability”. Reducing the attack surface is pretty much the first thing I think of when I think of security. True, it’s not often you see this being advertised as a end-user features but still.

The security levels in Tor Browser fulfill a similar purpose. You can disable features, gain some security, and in turn lose some performance and usability. JIT mentioned in the articles happens to be disabled even on the standard level in Tor Browser.

Another, example would be the Kernel Self Protection Project. It too recommends disabling a great many features with some tradeoffs.

Let’s hope others follow suite.

Peter July 8, 2022 2:27 PM

JIT mentioned in the articles happens to be disabled even on the standard level in Tor Browser.

I was mistaken. It’s only disabled on Safer and Safest levels. It’s just not listed in the linked manual.

Peter July 8, 2022 2:50 PM

This doesn’t really feel like a solution to me. What you have is poorly designed and written software being “fixed” with what will undoubtedly turn out to be more poorly designed and written software.

I mean otherwise, what changed? It’s the same developers, architectures, techniques, with the same ideas built on the same platform. It’s not like they went back to the drawing board.

In other words, this doesn’t solve the fundamental problems that exist.

I though the fundamental problem being approached here was the complexity and this is greatly reduced by having less code running. Let’s take the example of JIT, any JIT has to be considered “poorly designed”, from a security perspective, compared to no JIT.

Larry knows nothing July 8, 2022 3:59 PM

@/dev/null “What you have is poorly designed and written software being “fixed” with what will undoubtedly turn out to be more poorly designed and written software.”

Maybe it’s just me,but does that remind you of Windows? Yeah I know, I’m off topic.

Clive Robinson July 8, 2022 4:25 PM

@ ALL,

From the ARS article,

“Now that Apple has opened the door, it’s inevitable that Google will follow suit with its Android OS, and it wouldn’t be surprising for other companies to also fall in line.”

Will it be “inevitable” or are the journalists just day dreaming?

Apple makes much of it’s money through “selling product”, thus this “lockdown mode” will not be that much of an income suppressor if at all.

Alphabet / Google make a big slice ot it’s money, off of stealing peoples PPI one way or another. If they give this level of “lockdown” then not only will the probably loose revenue, they will get increased pressure to “go further” and enable effective blocking of adds and data stealing.

Something tells me Google will at best be slow to respond, and then only in inefectual ways, unless they can keep their access and only block out those they see as competition.

Which in turn brings up the “legal question” we all know that both Apple and Google could provide an OS and striped down apps that would kill most of this “mal-marketing” and similar and prevent the likes of NSO doing their overly invasive nastyness. But if they did they would kill off other shall we politely call them “vendors” who might just resort to the courts with mischievous legal actions.

I guess we are going to have to wait and see what plays out.

Jonathan Wilson July 8, 2022 5:37 PM

Does this lockdown mode prevent the device from being connected to the kind of gear law enforcement and other agencies are using to slurp up all the data from an iPhone?

Billy Jack July 8, 2022 5:37 PM

The list looks pretty good to me, too.

About the only thing I use my cell phone for are
1) calls
2) communicate with my sister on Telegram
3) check my e-mail

And I don’t check my e-mail or communicate with my sister on my cell phone very often. Usually, just from a laptop or a desktop computer.

The only time I ever browsed anything on a cell phone was when I was in isolation for covid. (When I had covid, I went back to the office and worked after sending everyone else home.)

SD July 8, 2022 6:49 PM

Anyone else feel like those restrictions should be the first bump on a lockdown slider bat with about four more bumps? Penultimate bump disables all WebKit functionality…

lurker July 8, 2022 7:10 PM

@Peter

I though the fundamental problem being approached here was the complexity and this is greatly reduced by having less code running.

How is the code not running? Has it been left out of the startup sequence? Or has it been allowed to start and then had a lid clamped on it? Either way it still smells hackable. Its been a few years since I was close enough to Apple sources to answer those questions . . .

Q July 8, 2022 9:08 PM

I still find it very sad that we must rely upon some for-profit company to be magnanimous enough to allow the users to restrict things. Haha, thanks so much Apple for letting me have some control over things I “own”.

Why are we even here, where the device “owner” has no say over what it does? Oh, I see now, the “owner” has always had full control, it is just that the owner isn’t you, it is Apple.

I am pleased I don’t use any of those spy boxes, either made by Apple or any other maker. I feel no compulsion to submit to their “ecosystem” of spying, manipulation and control.

Rufo Guerreschi July 9, 2022 9:25 AM

From a careful analysis of Apple statement one can conclude that such feature is stately NOT meant to protect against all state spyware, and many forms of state-sponsored spyware.

Here is why:

1) As per its own choice of words on the kind of spyware they are targeting, Apple did NOT create Lockdown Mode to protect against abuse by state spyware – used at home and abroad – or state-sponsored spyware used inside its host state. That is an inevitable compromise for Apple, due to the mechanism it has chosen to ensure legitimate lawful access, which relies on nations “somehow” always finding enough bugs in its systems. In fact, it must allow nation states to spy all they want state spyware abroad and via state and private state-sponsored spyware domestically. If it did not, nations could not fight grave crimes and enemies, and for powerful ones like the US and China, their devices would likely be made illegal.

2) While Apple specifically includes “NSO Group”, do similar firms, that also are that are regulated and overseen by their host nation’s export controls, and spyware that nation directly provides or sales to nation directly, fall out of the definition of “mercenary spyware” from the Geneva Convention as reported in Wikipedia for two reasons:
(a) A mercenary is “recruited for an armed conflict”, while those are overwhelmingly deployed outside conflicts or in undeclared conflicts.
(b) They arguably do not full fill the last of 6 requirements, namely that such mercenary “(f) has not been sent by a State which is not a Party to the conflict on official duty as a member of its armed forces.” – as you can read on Wikipedia at “mercenary”. In fact, if we assume there is a conflict, basic requirement to use the term mercenary, then the governments that approve export and oversee are technically “sending” such combatant spyware to the fight in the conflict.

It is extremely unlikely that such a statement by Apple would have not been vetted very deeply by many highly competent attorneys.

lurker July 9, 2022 3:39 PM

@Peter, “Another, example would be the Kernel Self Protection Project.”

That of course is attempting to protect the flying circus known as the Linux Kernel. Some argue that Apple’s xnu kernel is inherently safer, by limiting itself to core OS functions and thus offering a reduced attack surface.

Xnu however loads kexts (dlls) both at startup, and later when asked by apps. Apple have in recent years worked to sanitize the kext zoo, but this Lockdown Mode seems to leave the existing kext family in place. Hence my question above, how are they stopped from running? Keener minds than mine are busy now on that, and how to get them running again

Petre Peter July 10, 2022 6:35 AM

I like the idea. Anything that makes me more secure without turning me into a security expert is a win for me.

Steve July 10, 2022 6:43 AM

Note: This is only offered to victims of nation state actors, not everyone and their dog. I’m hoping this is basically a trial run before they roll it out for everyone to be able to opt into it.

Spectator July 10, 2022 12:14 PM

If Apple was genuinely committed to the security of the device user, the very first (and a comparably inexpensive) device they would add to the iPhone is hardware battery switch.

JonKnowsNothing July 10, 2022 12:49 PM

@ Spectator

re: hardware battery switch

A switch is just a switch and a rotten apple is still a rotten apple…

Any setting for a switch, slider, toggle or LED is no guarantee the setting actually does anything more than slide, toggle, light up a LED with a corresponding change is state.

Better than a switch, an ezpz removable battery and a reasonable method of determining remaining on-board capacitor+energy store or method of full system discharge would be a better option than a switch.

It might even improve the End User Experience of replacing Swelling and Exploding Batteries.

Then there are those 10yr LI batteries in smoke detectors and on PC Motherboards. You have to wait 10 years for those to discharge…

Winter July 10, 2022 1:08 PM

@JonKnowsNothing

Any setting for a switch, slider, toggle or LED is no guarantee the setting actually does anything more than slide, toggle, light up a LED with a corresponding change is state.

Hardware switches have been known to work since the dawn of electricity. I do not see why Apple could not use them to disconnect the battery?

I know they could fake it and say it was a hardware switch, but that would be fraud. Doing that could be “costly” for a company.

lurker July 10, 2022 1:46 PM

@Winter, JKN, Spectator

A real switch, in terms of modern electronics, is big, mechanical, unreliable. It makes the phone larger, allows entry of dirt and moisture, and can be broken by the user more easily than a software switch.

A removable battery of the same physical size as one sealed inside the device, will have less capacity, because of the strengthened wrapper required to protect it from users who cannot be trusted to handle it with the care it deserves. Removing the battery requires opening the phone, allowing the entry of dirt and moisture.

My personal preference is for one or both of these features. Apple prefers the marketing advantage from a perceived improvement in phone size and reliability by not having them. I am not the target demographic.

JonKnowsNothing July 10, 2022 2:52 PM

@ lurker, @Winter, @Spectator

re: relative reliability of method

For each item that might be done there are existing RL examples of application.

Battery removal has been available long term for End Users for all sorts of devices. We manage pretty well to get the + and – in the right direction. Claiming we are too careless or stupid to orient a keyed battery is well… selling yourself short.

Companies do shoot themselves in the foot all the time, they just hope that no one notices or cares… They adopt the Government Policy Attitudes: Did you see what we did there??? UBER is getting a trashing (aka UBERSPLAT), Musk isn’t a cologne, and Food is more important than whether a battery lasts 4 hours or 5.

===

MSM links

  • What are the Uber files? A guide to cab-hailing firm’s ruthless expansion tactics

ht tps://www.theguardian. com/news/2022/jul/10/what-are-the-uber-files-guide

  • Can Elon Musk really walk away from $44bn Twitter takeover?

ht tps://www.theguardian. com/technology/2022/jul/10/can-elon-musk-really-walk-away-from-44bn-twitter-takeover

  • Hummus supplies to dip as weather and Ukraine war cause chickpea shortage

ht tps://www.theguardian. com/business/2022/jul/08/hummus-supplies-climate-ukraine-war-chickpea-shortage

(urls lightly fractured)

lurker July 10, 2022 3:40 PM

@JonKnowsNothing

Removable phone batteries are indeed keyed to prevent wrong polarity connection. They also have strong cases to protect the fragile lithium electrodes. If they had only the thin skin of sealed in batteries they would be a form of incendiary bomb. The thicker case causes a reduction in internal volume and hence in electrical capacity. This is an important marketing difference for those with range anxiety.

I can report little success with chickpeas: too much rain during ripening; and they attract more insect pests than I have seen on other crops.

Spectator July 11, 2022 12:59 AM

“hardware battery switch” was simply a shorthand for a “reliable, user-controlled method of making the device completely inoperable for a duration”. There is more than one way to achieve this, and it will be make/model/product dependent.

The real issue here is why is there no sufficient demand for such feature, or, if there is, what are all the reasons why a product with such feature is not generally available?

Clive Robinson July 11, 2022 5:13 AM

@ Spectator, ALL,

The real issue here is why is there no sufficient demand for such feature, or, if there is, what are all the reasons why a product with such feature is not generally available?

The reliability, safety, and physical reasons have already been given to you by those commenting before you.

However there are two other asspects to consider,

1, Cost.
2, Marketing dept.

All of what you suggest involve higher cost for potentially no benifit to by far the majority of users. In fact as they all make the product less reliable within the warranty period, they would all cost more to the company than any conceivable benifit to their “market”.

The Marketing Dept dependent on how you view them has either to little or too much say, and likewise slice of product development exprnditure.

However in most cases the Marketing Dept gets to have the say on specifications before anyone else does, thus it tends to be way way to much effort to argue against them, as many FMCE product designers have found to their career trajectory cost.

The fact that whilst NiCad bateries had a low life expectancy of around 200 charge cycles, which ment they were likely to fail in warranty for a small percentage of users hence the reason batteries were made replacable. That nolonger realy applies as Lithium technologies now has upwards of 2500 charge cycle life times and better fail charecteristics.

So the money to be saved in production and warranty costs alone would justify what has happened to mobile phones. But it also alows the marketing Dept to waste those savings on alledged tactile advantages such as custom parts with curved edges etc etc…

Then there is still an eye watering amount of money to be made in “no warranty repairs” as many users have found trying to get a warranty repair without significant cost is just about impossible, including when due to battery design faults some phones did “spontaneous combustion” in users pockets or up against their ear… It was only “bad press” that got that sorted.

So if you want such a feature, then go online find out how to open the phone, thus voiding warranty and resale value, and then locate the battery sub-unit and find out how to cut the power… But be warned many phones Apple’s included assume that the case will never be opened by others without “proper” tools and diagnostic access. Thus their designs are such that removing the power would be seen by the system as a “potentialy dangerous fault” and it either not work after power is restored or work in some reduced or deficient fashion.

So “Pays your money makes your choice”…

Quantry July 11, 2022 11:59 AM

If you flip this offering on it’s head, I read the confession as

“if you DON’T use lockdown mode, you ARE vulnerable to mercenary spyware, but admit it, cute functionality out-of-the-box is universally more important than NOT having your pants around your ankles by default.”

Im curious what iPhone model is minimum to run iOS-16. So you a buy another phone and its odds-on that you hate the feature anyway? Someone ran the numbers, bet on it.

Re: battery switches and removable batteries, why not rather use a high grade faraday bag, and charge more frequently. All may reduce user exposure, but the point of this thread is about widely recognized in-use exploits.

Chris Drake July 15, 2022 11:48 PM

“Apple only offers unencrypted iCloud backups” … So what’s the point of a “lockdown mode” that’s instantly subverted by other means?

Anonymous July 17, 2022 8:55 PM

If there is remotelty accessible exploitable memory corruption it’ll be found… Pretty sure they don’t turn off the baseband or eliminate all network features…

Apokrif July 19, 2022 7:13 AM

My personal preference is for one or both of these features. Apple prefers the marketing advantage from a perceived improvement in phone size and reliability by not having them.

Nothing prevents a manufacturer from making different types of phones, meeting different needs.

Ttron August 5, 2022 3:25 AM

Switch to a dumb phone in flight modus for a better lockdown mode experience, I’d say..

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.