This crafty iPhone attack makes you think your phone is safe…until it’s hacked
Lockdown Mode, an iPhone feature introduced in iOS 16, is not an antivirus, does not detect malware, and cannot prevent malware from running.
Hackers who have already compromised a device can therefore create a fake Lockdown Mode and run malware unabated in the background, a report from Jamf Threat Labs noted.
“Apple's Lockdown Mode in iOS 16 is a useful feature for certain situations, but if your phone has already been hacked, Lockdown Mode won't protect you,” the researchers claim. Threat actors can set up a fake Lockdown Mode, “which shows that if a hacker has already infiltrated your device, they can cause Lockdown Mode to be ‘bypassed’ when you activate it.”
Making PDFs work
Lockdown Mode was introduced last year with the aim of providing an extra layer of protection for high-level targets. Think of journalists, dissidents, government employees, intellectuals, but also celebrities and the like. It is easy to enable, and it makes some features unavailable on the endpoint and blocks some files.
“By allowing the user to believe that their device is operating normally and that additional security features can be activated, the user is much less likely to suspect that malicious activity is taking place behind the scenes,” Michael Covington, vice president of portfolio strategy at Jamf, told The Hacker News.
“We didn't expect that with such a widespread security feature, the user interface would be separated from the implementation reality.”
One of the ways hackers can exploit this flaw is by changing the way Lockdown Mode works in Safari so that the browser can view PDF files (which are unavailable when the feature is active).
But Lockdown Mode is not completely useless, the researchers emphasize. In September this year, Citizen Lab discovered that BLASTPASS – a set of exploits used to spread the Pegasus malware – was effectively stopped on iOS devices thanks to Lockdown Mode.