Lockdown mode, what is it for and how to use it?

--

If you think you’re in a high-risk area with the possibility of being targeted by mercenary spyware, or you just don’t mind losing some iOS features for added security, Apple’s Lockdown mode is surprisingly useful. .

in 2022 With the release of iOS 16 and macOS Ventura, Apple debuted Lockdown Mode for people at particular risk of being targeted by spyware. The feature is essentially a set of iOS and macOS configurations that limit or block little things like viewing links in the Messages app and sharing albums in Photos. Block or lock mode also limits the device’s ability to receive unwanted messages, such as FaceTime calls from phone numbers and accounts that have never been called before. Features like SharePlay and Live Photos also don’t work.

In iOS 17, Apple has improved the operating system and added more security-oriented restrictions. The company has consistently emphasized that Lockdown Mode isn’t intended for most people’s normal use, but you can try it out, especially if you think you’re at risk, and you’ll find that the restrictions aren’t too inconvenient, but they do severely limit hackers.

After enabling Lock Mode, you simply need to confirm the setting change using your device’s PIN or biometric authentication in the Privacy & Security section of your settings and then reboot your device to allow the system to apply all the restrictions. Enabling “Block Mode” is similar to changing the device’s language – the system must fully adapt to the new configuration. After rebooting your device, everything will look pretty much back to normal.

When malware developers target Apple devices, they exploit weaknesses in sophisticated iOS and macOS features in their attacks, especially features that facilitate communication and data sharing and handle different file types and information formats. Block Mode thus aims to make it much more difficult for commercial spyware vendors or other motivated and well-resourced actors to create exploit chains that combine vulnerabilities in multiple iOS or macOS features to take control of devices. Enabling this security feature makes it harder and less fun for the user to share links, GIFs, and embeds in apps like Messages. There are also limitations on services like HomeKit.

For example, after enabling Lockdown Mode, you can still use Apple Pay, but its integration with other applications is not as smooth. If someone sends you a payment through Apple Cash, you can receive it, but you’ll only get a very general, vague message in Messages that something happened — and you might not realize someone sent you money in Apple Cash. Links don’t expand when you send and receive them, and if you send or receive a link to an image or other file, it will be sent as text, a plain URL without an image and an active link that would let you automatically open the link in your browser.

As part of its latest “Block Mode” updates in June, the company added support for the Apple Watch and began automatically removing geolocation data from shared photos. The improvements also block devices from connecting to unsecured Wi-Fi networks and 2G cellular networks by default. This protection is designed to protect against malicious Wi-Fi networks and a mobile data monitoring tool called “stingrays[1]“.

This set of updates enabled “more secure wireless defaults, media management, media sharing defaults, sandboxing (sandbox) and optimizing network security,” Apple said in a statement. “Enabling Lockdown Mode further strengthens the device’s security and severely restricts certain functions, greatly reducing the possibility of an attack for those who need additional protection.”

“Block Mode” also imposes certain restrictions on Internet browsing in Safari and other browsers. If it affects the important features and performance of certain sites that users trust, they can add them individually to the “excluded sites” list. Users can also optionally disable lock mode restrictions for some third-party apps, such as Gmail.

However, this feature doesn’t have many settings that the device user can change, as the key is to keep everything locked down. But basically, you can still use your device normally after you enable Lock Mode. Sometimes you’ll miss a call from someone you’ve never interacted with digitally before, or you’ll need extra seconds to see what a friend is trying to share with you, but over time the limitations become more meaningful, intuitive, and easy to live with. As one Reddit user put it: “Largely useful. You won’t even notice this feature is enabled until you run into the cons.”

When this security feature is enabled, everything seems to work as usual, apart from some trivial details, but sometimes you can “bump into the security wall” to perform a certain action.

“It’s a great extra layer of security for Apple,” says Patrick Wardle, a longtime Mac security expert and founder of the Objective-See Foundation. “However, balancing security and usability is very difficult, and it shows that convenience is king for most people, including me.” I turned off lock mode because it blocked the feature of showing two-factor SMS codes as autofill options on websites, forms, etc. I think Apple handled it well, but as soon as it affected a feature that I love and use often, I turned it off.”

For some, it’s the loss of shared albums in the Photos app. For others, they are limitations to enjoyment memes with friends. But if you really need Lockdown Mode for digital security and personal protection, throwing your phone overboard is a viable alternative (unless you really need your phone, then you’ll have to turn Lockdown Mode on and live with its minor but sometimes annoying limitations).

How to turn on lock mode

If you’ve read this far, maybe this is really relevant to you.

To get the full set of security measures, you should update all your devices to the latest software version and enable lock mode on all your devices.

  • Block mode must be enabled separately for your iPhone, iPad, and Mac devices.
  • When you turn on Lock Mode on your iPhone, it’s automatically turned on for the paired Apple Watch.
  • When you turn on Lockdown mode for one of your devices, you’ll be prompted to turn it on for other supported Apple devices.

When you turn on lock mode, when an app or feature is restricted, you can be notified by a notification, e.g. Safari’s banner shows that block mode is on.

How to enable lock mode on iPhone or iPad

  1. Open the application Settings (settings).
  2. Touch it Privacy & Security (privacy and security).
  3. Scroll down, tap Lockdown Mode (lock mode), then tap Turn On Lockdown Mode (enable blocking mode).
  4. Touch it Turn On Lockdown Mode (enable blocking mode).
  5. Touch it Turn On & Restart (turn on and restart), then enter the device password.

How to Enable Lock Mode on Mac

  1. Select Apple menu → System Settings (system settings).
  2. In the sidebar of the application window that opens, click Privacy & Security (privacy and security).
  3. Click Lockdown Mode (lock mode), then click Turn On…
  4. Click Turn On Lockdown Mode (enable blocking mode). A user password may be required.
  5. Click Turn On & Restart (turn on and restart).

How to remove apps or websites from blocking mode

When your device is in lockdown mode, you can remove an app or website from Safari so that it is not subject to WebKit restrictions. Only remove trusted apps or websites and only when necessary.

iPhone or iPad

To remove a site while browsing: Tap the Page Settings button AA, then tap Website Settings. Then turn off Lockdown Mode →.

To unblock an application or edit unblocked sites, follow these steps:

  1. Open it Settings application (settings).
  2. Touch it Privacy & Security (privacy and security).
  3. In part Security (security) touch Lockdown Mode (lock mode).
  4. Touch it Configure Web Browsing (configure web browsing).

To remove an application, disable it in the menu. This list only shows apps that you’ve opened since you entered lock mode and that have limited functionality.

To edit the removed sites, tap Excluded Safari Websites (Safari sites removed) → edit (edit).

on a Mac computer

To remove a site while browsing: Select from the menu bar SafariSettings for [svetainė] ([svetainės] provisions). Then remove the marker Enable Lockdown Mode (enable blocking mode). To add the site again, place the check mark in the box again.

To edit removed sites:

  1. Select Safari from the application menu bar SafariSettings (settings).
  2. Click Websites (sites).
  3. In the sidebar, scroll down and click Lockdown Mode (lock mode).
  4. Enable or disable the menu next to the configured website Lockdown Mode (lock mode).

Configuration profiles and managed devices

If “Block Mode” is activated on the device, new configuration profiles cannot be installed (‌configuration profile) and the device cannot be registered to mobile device management (management profile) or device maintenance (Mobile Device Management – MDM) in the solution. If a user wants to install a configuration profile or a management profile, they must disable lockout mode, install the profile, and re-enable lockout mode if necessary. These restrictions prevent hackers from trying to install malicious profiles.

A device registered with the mobile device management solution before entering lock mode remains under control. System administrators can install and remove configuration profiles on that device. “Block Mode” is not a configurable mobile device management option for system administrators, as it is intended for a very small number of users who may be at risk of highly dangerous cyber-attacks.


1 Stingray is a controversial spying device that pretends to be a legitimate cellular (GSM) tower, fooling the phone and forcing the device to connect to it and reveal its location. The US government has tried unsuccessfully to cover up this spying device. The fact that the existence of this device has not been concealed does not mean that it is not being used by governments (and perhaps other actors). ↩︎


The article is in Lithuanian

Tags: Lockdown mode

-

PREV Most Poles oppose the introduction of the euro
NEXT BMW presented the X-series electric car-vision – it can also be used as a source of electricity