[HN Gopher] About Lockdown Mode
___________________________________________________________________
About Lockdown Mode
Author : hjuutilainen
Score : 172 points
Date : 2022-09-14 20:15 UTC (2 hours ago)
(HTM) web link (support.apple.com)
(TXT) w3m dump (support.apple.com)
| Arrath wrote:
| The ability to exclude apps or websites from the lockdown seems
| at the face of it to reintroduce attack surface that lockdown
| mode is meant to prevent.
|
| Countdown to some 0day no-click exploit that adds an app or
| service or site to the exclusion list and then proceeds with a
| further attack?
| Shank wrote:
| > Countdown to some 0day no-click exploit that adds an app or
| service or site to the exclusion list and then proceeds with a
| further attack?
|
| What type of exploit would be able to add something to the
| exclusion list but _not_ already perform arbitrary code
| execution and just attack the system directly? This seems
| incredibly unlikely -- and roundabout, because you 'd still
| have to get the browser to load the page.
| [deleted]
| Arrath wrote:
| I honestly haven't a clue, really just spit-balling after
| reading the link.
| sideshowb wrote:
| Maybe they could compromise the server of someone else's site
| that's on the exclusion list?
| 1f60c wrote:
| The only way I can think of that could work is if an attacker
| made a website (and convinced the target to visit it) that said
| something like:
|
| > Tap Aa > Disable Lockdown Mode to view _News Org_ secure
| content
|
| Similarly to how malicious Word docs get users to enable
| macros.
| yuan43 wrote:
| > Lockdown Mode is an optional, extreme protection that's
| designed for the very few individuals who, because of who they
| are or what they do, might be personally targeted by some of the
| most sophisticated digital threats. Most people are never
| targeted by attacks of this nature.
|
| The list of restrictions doesn't seem to inhibiting - for those
| who have used it, what are the points that stand out? Is this
| something designed for habitual use or under specific situations?
| rooster8 wrote:
| Been using since it came out over a month ago. The biggest
| annoyances are:
|
| 1. You cannot tap on any links in iMessage. You have to hold
| your thumb down on the link, copy it to clipboard, switch to
| Safari, paste
|
| 2. If someone posts a gif in an iMessage thread, it doesn't
| show up
|
| 3. All inbound requests for FaceTime calls seem to be
| automatically blocked, even when they are coming from people
| who are favorites in my contacts. I haven't looked into why
| yet. Maybe it's because I don't have their phone number saved
| with a `+1` prefix in my contacts?
|
| Other than that it's hardly noticeable, and I think it's
| fantastic that we now have this option.
| Marsymars wrote:
| > 2. If someone posts a gif in an iMessage thread, it doesn't
| show up
|
| This sounds like a positive for me. I disable animations in
| chat whenever it's an option.
| tylerhou wrote:
| The linked article says
|
| > Incoming FaceTime calls are blocked unless you have
| previously called that person or contact.
|
| So you may have to call them first, even if they are a
| favorited contact.
| dereg wrote:
| Seems well thought out. It prevents someone from
| maliciously adding their phone number to, say, your mom in
| Contacts.
| oceanplexian wrote:
| Is this really a feature people want? I can't imagine any
| situation where I'd want to allow unsolicited FaceTime
| calls (99% of the time it's some kind of spammer)
| rooster8 wrote:
| Thank you! TIL that I never initiate calls with the most
| important people in my life.
| Retr0id wrote:
| I've been using it for the past few days. I mainly use my phone
| as a text-based communication device, with occasional feed-
| scrolling (such as reading HN or twitter).
|
| So far, the only annoyance is that sites relying on custom
| fonts for icons can end up with indecipherable UI elements
| (e.g. a button with a "refresh" icon is now just a button with
| an empty square)
| jason-phillips wrote:
| You can add an exception for those sites in safari
| ievans wrote:
| Notable highlights for me:
|
| > Lockdown Mode is available in iOS 16 and coming soon in iPadOS
| 16 and macOS Ventura.
|
| > Web browsing - Certain complex web technologies are blocked,
| which might cause some websites to load more slowly or not
| operate correctly. In addition, web fonts might not be displayed,
| and images might be replaced with a missing image icon.
|
| The first sentence I believe is referring to disabling JIT (just
| in time compilation of Javascript), which is dangerous as it
| allocates W+X pages which are often used by the final stage of an
| exploit. Apple did an amazing job already of hardening iOS by
| severely restricting which applications can use JIT (and this is
| their justification for why non-Safari browser engines are not
| allowed on iOS) and even enabling per-thread memory page
| permissions. Many more details are in this fantastic post from
| Google's project Zero:
| https://googleprojectzero.blogspot.com/2020/09/jitsploitatio...
|
| Overall it's very interesting to see Apple invest so
| significantly in something that will benefit relatively few users
| -- not that I'm complaining!
| sneak wrote:
| > _Overall it 's very interesting to see Apple invest so
| significantly in something that will benefit relatively few
| users_
|
| Apple has been doing this for decades with heavy investment
| into assistive technology, far better than other platforms.
| prox wrote:
| Looking at you Google. The only things they make is to spy
| _more_
| withinboredom wrote:
| Apple isn't much better. They just have better marketing.
| Angostura wrote:
| I was mucking about on my Mac the other day playing with the
| accessibility settings and came across this:
| https://support.apple.com/en-gb/guide/mac-
| help/mchlb2d4782b/... - s system that lets you move the mouse
| with movements of your head as picked up by the web cam. Woks
| _very_. Scrunch nose to click etc.
| alerighi wrote:
| > Apple did an amazing job already of hardening iOS by severely
| restricting which applications can use JIT
|
| Well they did that not because they care about users but
| because they want all software to pass trough the App Store
| (and thus the review and policies of Apple). If you would allow
| to run efficiently code from other sources (for example
| downloaded at runtime, put in a W+X memory page and executed)
| that code doesn't pass through the review process of Apple,
| thus one can publish an app that does something and then modify
| its code to make it do another thing (even load an entirely
| different thing).
|
| In the end I don't think this is a good thing for users.
| GekkePrutser wrote:
| Indeed this, it's more about platform control.
|
| I really hope the EU will succeed in forcing Apple to allow
| third party app stores. That would be a game changer. People
| that are happy to stay in the walled garden can simply not
| use any other app stores but for someone like me it will open
| up iOS as an actual option I can choose. Right now there's
| too many things I can't do on iOS.
|
| Though honestly, I'd be even happier with a real third option
| instead.
| prox wrote:
| What do you need iOS to do?
| withinboredom wrote:
| I'd like to write an app for myself, side load it, and
| Apple not have to give me special permission to do what I
| want. Right now, I have to have a "shortcut" start my own
| app (for simming) to change some device settings, then
| remember to change them back after the session. But if
| Apple would allow you to do whatever you want without
| their permission (on your own device), my life would be a
| bit simpler.
| unethical_ban wrote:
| >Overall it's very interesting to see Apple invest so
| significantly in something that will benefit relatively few
| users -- not that I'm complaining!
|
| I would say that this is at the very least a strong marketing
| point. "We are secure by default, and the most secure phone
| out-of-the-box on the planet if needed".
|
| The hardware itself must be trusted to an extent, too. Is there
| an android-compatible device/ROM combination that can advertise
| the same level of security as this lockdown mode, without
| spending two days configuring it?
| koen_hendriks wrote:
| fsflover wrote:
| Not Android-compatible, but:
| https://news.ycombinator.com/item?id=19360189
| saagarjha wrote:
| Pixel with one of the security-focused ROMs, maybe?
| encryptluks2 wrote:
| Chrome and Chromium has flags to disable JIT as well, but there
| is definitely a significant performance penalty.
|
| One area of greatest concern for me is client hints and the
| various JS APIs that leak way too much, from OS to memory and
| more. You would think that an extension as popular as uBlock
| Origin would exist that would make this information as generic
| as possible to mimic the most common browser profile. Without
| it, it is still incredibly easy to identify a user with JS
| enabled and unfortunately disabling JS also makes you unique.
|
| This doesn't even address the Canvas API issue that needs to be
| virtualized to protect privacy. The web standard as a whole
| hasn't really put a lot of thought into privacy.
| Dylan16807 wrote:
| > which is dangerous as it allocates W+X pages which are often
| used by the final stage of an exploit
|
| Are you sure? There's no need to ever have a page that is W and
| X at the same time, and I would not expect any current
| professional JIT to make one.
| helloooooooo wrote:
| There are still RWX pages in Chrome, something to do with
| WASM I think. I don't know about Safari. Old MS Edge used to
| solve the remapping of the W JIT page to X by moving JITTing
| to another process and then having it RW in there, but only
| ever be RX in the primary process.
| MintPaw wrote:
| Does the distinction matter? Is changing W pages into X pages
| meaningfully safer?
| 0x457 wrote:
| It depends on the kind of vulnerability. Say you have a
| vulnerability that allows writing to arbitrary pages, then
| an attacker on RWX system can write malicious code into
| pages that would get executed. In W^X environment, the
| attacker needs to find a W page and write to it before it
| becomes the X page.
|
| This isn't a 100% mitigation, but it does make it harder to
| exploit.
|
| JavaScript JIT been source of so many RCE vulnerabilities.
| bpye wrote:
| Yes. It means that you can't use a write primitive to
| simply modify an already executable page.
| lisper wrote:
| How does that help?
| remexre wrote:
| It means an attacker with an arbitrary-write vuln needs
| to be able to target a page as the JITted code is being
| written to it, rather than being able to target any
| existing page with code in it.
| ievans wrote:
| Thanks for the correction; my knowledge is a bit out of date,
| Firefox at least (not sure about Safari) switched to W^X JIT
| a good while back: https://jandemooij.nl/blog/wx-jit-code-
| enabled-in-firefox/. That's cool.
|
| W^X is more difficult to exploit for sure, but as other
| commenters point out, unfortunately still possible.
| CJefferson wrote:
| Technically pages alternate between W and X as you say, but
| this will disable even that (which is already true AFAIK for
| non-Apple iOS apps, they can't have JITs).
| saagarjha wrote:
| No, Apple uses mirror mappings or fast permission
| restrictions to flip the bits if available.
| tinus_hn wrote:
| I just looked it up in the Armv8 manual and there is a
| control setting that makes the processor ignore the
| executable permissions for any writable pages. It states
| these controls 'are intended to be used in systems with very
| high security requirements.' which suggests there are
| drawbacks.
|
| https://armv8-ref.codingbelief.com/en/chapter_d4/d44_1_memor.
| ..
| lancebeet wrote:
| >Overall it's very interesting to see Apple invest so
| significantly in something that will benefit relatively few
| users -- not that I'm complaining!
|
| Getting world leaders, celebrities and CEOs to use their
| devices might make this part of their marketing budget.
| 1f60c wrote:
| I think the primary user base will be human rights activists
| and journalists, similar to Google's Advanced Protection
| Program.
| GuB-42 wrote:
| I don't think human right activists and journalists are the
| most at risk here. They are more at risk than you and me
| but at least, they can keep a low profile.
|
| CEOs and celebrities and politicians are not only at risk
| because of their influence and insider knowledge, but they
| also have a huge target painted on them at all times. They
| simply can't keep a low profile due to their occupation.
| They also have money, much more than journalists and
| activists, so they attract "regular" criminals too.
|
| Human right activists and journalists probably won't be
| their main user base but it will be the most prominent for
| public relations reasons, because who doesn't like human
| right and investigative journalism? VIPs are less
| marketable and let's not talk about criminals. To keep
| things clear, I think it is a good feature, even if it can
| help criminals. After all, human right activists are often
| technically criminals where they act.
| makeitdouble wrote:
| Many journalists whole job is to not keep a low profile
| and pull attention from the public. I'm not sure
| politicians get killed that much more in comparison [0].
| Money is usually enough to solve political problems.
|
| [0] https://www.euronews.com/green/2022/02/18/30-environm
| ental-r...
| mataug wrote:
| > Overall it's very interesting to see Apple invest so
| significantly in something that will benefit relatively few
| users -- not that I'm complaining!
|
| My theory on this is that apple is one of the few companies
| where everything they build seems to be well integrated into
| their ecosystem. This is part of their appeal.
|
| Another part of Apple's appeal is that they've positioned
| themselves to appear as the company that cares the most about
| consumer privacy and security. Lockdown mode seems to be one of
| those features that's great for marketing and PR in certain
| circles, while being extremely useful in situations where it's
| needed.
|
| I imagine someone writing an article claiming how lockdown mode
| saved them, and that's practically free viral marketing in the
| security circles.
| t0mas88 wrote:
| Same for Tesla's Bioweapon Defense Mode. Nearly nobody ever
| needs it but it gets them some low cost marketing / viral
| clicks.
| optimiz3 wrote:
| > Bioweapon Defense Mode. Nearly nobody ever needs it
|
| Raging wildfires causing smog all over the west coast beg
| to differ. Having built-in HEPA filtration is fantastic.
| SV_BubbleTime wrote:
| Different take... Apple is going to push the idea wider and
| this is their test audience.
|
| It wouldn't surprise me if the anti-googled, that is
| instead of enforcing adoption of a web technology because
| they own the browser market, stopping all the misused
| technologies they don't want to have to explicitly protect
| for.
| vineyardmike wrote:
| > Lockdown mode seems to be one of those features that's
| great for marketing and PR in certain circles, while being
| extremely useful in situations where it's needed.
|
| Also, it gives them additional room to play with security
| research and engineering at large. They already have an
| incentive to improve security on device (drive by attacks,
| jail breaking), and this just enables them to play with
| things that are safer but break too much. They're basically
| training their other tech teams to be more secure, and find
| where security and UX clash, identify and build the fix, even
| if off by default.
| fossuser wrote:
| I suspect this is a direct response to the NSO Group related
| hacks.
| arecurrence wrote:
| I was very happy to see this feature announced! I turned it on
| immediately and so far it has had little negative impact on my
| life.
|
| Some apps like Gmail will warn you that Lockdown mode is
| activated and that it will impact your experience but I have not
| encountered any drawbacks beyond iMessage links not opening the
| browser. This is easily worked around by copying them.
|
| I hope this also blocks incoming calendar invites. Apple has as a
| feature the automatic addition of calendar invites... spammers
| soon noticed this and send out calendar invites with their
| favorite links that can clutter it up.
| altairprime wrote:
| Er, are you both under threat by nation-state attackers and
| also posting about your device security decisions on a public
| web forum? If so, you may wish to reconsider!
| ruune wrote:
| Fairly certain it's just another person wanting to go the
| extra mile of security. Sure, it may not do anything useful
| if you're just some guy Pegasus won't ever encounter. But if
| lockdown mode doesn't restrict OP in any way, what's the
| drawback of just enabling it to sleep that little bit better
| at night?
| [deleted]
| altairprime wrote:
| Seems most likely, but there's nothing I need to say in
| _that_ scenario. May as well cover the long-odds case in
| the off chance that I save someone's life.
| mark_l_watson wrote:
| I have been running Lockdown Mode for several weeks. It is very
| rare that my iPhone can not access a web page correctly, etc.
| iMessage behaves a little differently but I am used to it.
| calsy wrote:
| Obviously these types of features are welcome, even though they
| are apply to an incredibly small group of people. I cant help but
| feel the 'personal security' push from Apple and its marketing is
| rather self serving.
|
| Apple is under more legal pressure than ever for its apparent
| 'anti-competitive' practices. They have on many occasions pushed
| the line of user privacy and security to defend their business.
| Features like this benefit a small group of people, but help
| Apple enormously in defending itself from litigation.
|
| Edit: Downvote? Why are companies given the benefit of the doubt
| as if they were human and caring when they are clearly not! Large
| listed tech companies like Apple will ALWAYS act in their own
| interest first. User privacy is the advantage Apple has over its
| competitors who rely on free services and advertising. It is in
| their OWN INTEREST to pursue this path which in turn impacts
| others ability to compete. Must we continue to be so grossly
| naive?
| miles wrote:
| Still waiting for Apple to allow restricting network access (both
| cellular and WiFi) for specific apps on all devices, not just
| those sold in China:
| https://apple.stackexchange.com/a/312430/51806 .
| Tomte wrote:
| I think lockdown mode prevented me from copying text on my iPad
| and pasting it on the iPhone in WhatsApp, but let me paste it in
| Apple Notes.
|
| I'm not sure though, it might have been a bug, it might have been
| a user error, but I wonder if inter-device copy and paste is
| limited, too. I haven't read anything about it, though.
|
| Otherwise I've noticed nothing, except a popup when starting apps
| for the first time after activating lockdown mode, that lockdown
| mode is active for the app.
|
| To me, lockdown mode is a no-brainer. But I don't use very JS-
| intensive web sites, and never use Apple messages.
| GekkePrutser wrote:
| Are you sure this is the lockdown mode? If your phone is
| enrolled in an MDM the admin can control which apps you can
| copy/paste between and normally this includes just the
| corporate-sanctioned apps.
| ffhhj wrote:
| > 3. Under Security, tap Lockdown Mode and tap Turn On Lockdown
| Mode.
|
| > 4. Tap Turn On Lockdown Mode.
|
| Tap twice? ;)
| duskwuff wrote:
| This is correct. The first one is a menu option; the second one
| is in a dialog explaining what you're getting yourself into.
| [deleted]
| randyrand wrote:
| A big shortcoming - 3rd party apps.
|
| Many hacks these days exploit Whatsapp incoming message
| processing, etc.
|
| Every app with push notification support increases your attack
| surface.
| HL33tibCe7 wrote:
| This further cements my opinion that Apple is just leaps ahead of
| anyone else wrt security and privacy these days. They should be
| applauded for this.
|
| I look forward to when this comes to iPad. An iPad with a
| Bluetooth keyboard is an excellent option over a traditional
| laptop for a high-risk target, and this'll make it even better.
| skybrian wrote:
| Compare with Google's "enhanced safe browsing" for Chrome and
| Gmail [1] and lockdown mode on Android.
|
| [1] https://support.google.com/accounts/answer/11577602?hl=en
| 3pt14159 wrote:
| Privacy, yes.
|
| Security qua security (ie, not counting security loss due to
| privacy loss) it's pretty tight between Android and iOS:
|
| https://zerodium.com/program.html
| judge2020 wrote:
| While rootkits et al. are bad, privacy loss can be just as
| bad ie. "reads your email" or "passively reads clipboard
| [containing passwords]".
| gpt5 wrote:
| To be fair, this mode is a direct counter to the zero-click
| attacks that Zerodium is offering the high payouts for. It
| specifically blocks all the (currently) known attack vectors.
|
| Maybe Zerodium will offer a new tier for a zero-click attack
| on an iPhone on Lockdown mode in the future.
| 3pt14159 wrote:
| I wouldn't say that is fair in that very few people can use
| that mode, so the net security win is minor and there exist
| hyperlocked down Android versions for _years_ on the open
| market. A friend of mine even worked on one.
|
| This space is murky at the top end.
|
| The Zerodium payout offering is a rough proxy, but for
| 99.99% of consumers the security win for a iPhone are
| mostly about how they don't have to think about the
| manufacturer (tell your tech illiterate friend to buy an
| iPhone is easier than saying "Android but only Google or
| XYZ manufacturer") and how the privacy differential helps
| out a bit.
|
| Also, plenty of people can't enable crazy hyper secure mode
| without bleeding information that they've enabled it. So
| this isn't as helpful as it may seem.
| gpt5 wrote:
| > I wouldn't say that is fair in that very few people can
| use that mode
|
| Very few people are being targeted by nation-states who
| are willing to pay for / develop these attacks. But more
| importantly, these are not a random set of people. These
| are head of states and companies, free speech activists
| and journalists, and people with access to top secret
| information. I suspect that a large set of them are aware
| that they are potential targets.
| lizardactivist wrote:
| Important to understand is that "provisioned access" as given to
| the US government is not considered to be a cyber attack, and
| lockdown mode will not help you there.
|
| Also, it appears you cannot use configuration profiles in
| lockdown mode, meaning you may not be able to use DNS over TLS or
| HTTPS.
| mwint wrote:
| Do you have a source for this provisioned access claim, or in
| fact that it exists at all?
|
| ---
|
| It says you can't install new configuration profiles while
| lockdown mode is enabled, not that you can't run lockdown mode
| with a profile enabled.
| teeray wrote:
| > Lockdown Mode is not a configurable option for Mobile Device
| Management by system administrators
|
| This is the best news. Otherwise, you can bet your IT department
| would be throwing that switch on for everyone.
| deathgripsss wrote:
| I imagine in lockdown mode the device would be pretty much
| useless as a work device.
| amself wrote:
| Negative. I've been using it since the update with no issues.
| kerblang wrote:
| I would be interested in hearing more about your experience
| and whatever sort of things have come up...
| Syonyk wrote:
| I've been using Lockdown for a month or two now with the
| beta, and did some writing on it:
| https://www.sevarg.net/2022/07/20/ios16-lockdown-mode-
| browse...
|
| Results of enabling it and using my phone as I normally
| would:
|
| - Some websites don't display images. I've no idea what
| they encode to, but they won't display. Fine, don't care.
|
| - Animated GIFs don't play in Messages when coming in via
| SMS (perhaps iMessage too, haven't tried). Annoying when
| people communicate in animated GIFs, but... people just
| expect my tech to be weirdly broken, so this doesn't
| actually impact things significantly.
|
| And that's it. I couldn't tell you the performance delta
| in casual internet use, though I don't use my phone very
| heavily either.
| _joel wrote:
| Could they not just implement the functionality in MDM policy
| anyway, or close enough?
| bpye wrote:
| Don't think MDM could do stuff like disable JIT.
| _joel wrote:
| Probably can't, good point
| GekkePrutser wrote:
| No but Apple could of course add the option. They fully
| control the MDM API.
| gambiting wrote:
| I imagine it's just yet another protection for the mode - it
| cannot be controlled by external policy, so no one can force it
| off externally.
| gregsadetsky wrote:
| Sorry, I'm not sure that I follow. Why would it be a bad idea
| if some IT departments enabled Lockdown Mode (LM) via MDM..?
|
| The article says that in LM, you can't enrol the device in MDM
| -- I suppose that if you want LM functionalities, it makes some
| sense that you wouldn't want parts of your device to be
| remotely controllable by an entreprise (or your MDM profile
| overriding some of the Lockdown options..?)
|
| But... I don't understand what you mean by it being a bad thing
| that IT admins would want Lockdown Mode for everyone. Thanks
| bgro wrote:
| There are a lot of cases where you have to be available on
| chat. Either sit at your desk and do nothing for 12 hours
| straight, or do anything you want and just have your phone on
| you. This could either be a slow day at work, or an actual
| off day like being on call on a Saturday. A lot of companies
| aren't going to buy you a separate work phone.
|
| If there's a lazy security option that can be enabled, a lot
| of companies are just going to inappropriately turn it on
| because it doesn't bother them that your phone can't do
| anything fun. That doesn't cost them money. Even if you're a
| web designer for a small shoe store where obviously nuclear
| power plant level of security doesn't really make sense.
|
| I remember android phones like 10 years ago or so had some
| corporate policy option so any time the screen is locked, you
| need to enter a 20 character password that has uppers,
| lowers, capitals, symbols, and numbers.
|
| Any patterns / words it decided were too easy to guess were
| rejected for a password. This wasn't a "Lock after an hour of
| inactivity." It was "Lock immediately, and set screen timeout
| to 30 seconds."
| blep_ wrote:
| This is how you get me to start stubbornly claiming I don't
| have a smartphone.
|
| If you have special requirements for the devices I use,
| it's your responsibility to provide separate devices from
| my personal ones.
| withinboredom wrote:
| I refuse to sign in to my work gmail on my android exactly
| for this reason. It basically wants to lock down my phone.
| It doesn't do that for my iPhone though, but I'm not logged
| in their either, FWIW.
|
| I refuse to use my personal devices for work, as a matter
| of principle. Need me to be on call?, flip phones are
| pretty darn cheap.
| Syonyk wrote:
| > _The article says that in LM, you can 't enrol the device
| in MDM_
|
| My understanding is that you can't _change_ the MDM settings
| /enrollment while in Lockdown, but you can enroll in it, and
| then enable Lockdown, and be fine.
| _jal wrote:
| Unless I'm missing something, I think I plan to just run this all
| the time. I see very few downsides, personally.
|
| > web fonts might not be displayed
|
| Great, I almost always prefer system default fonts.
|
| > Incoming FaceTime calls are blocked
|
| Perfect, I don't use it, it is always some scammer.
|
| > Incoming invitations for Apple Services
|
| Perfect, I don't care.
|
| > Shared albums are removed from the Photos app
|
| I don't use this stuff, I don't care.
|
| > To connect your device to a USB accessory or another computer,
| the device needs to be unlocked.
|
| This seems like it should have always been the default.
|
| > Configuration profiles can't be installed
|
| Perfect, nobody should be trying to manage my phone.
| nickv wrote:
| >> Incoming FaceTime calls are blocked
|
| > Perfect, I don't use it, it is always some scammer.
|
| You get spam/scam FaceTime calls? (Not attacking, just
| generally curious... I've never in my life ever gotten or know
| anybody who has been spammed via FaceTime).
| _jal wrote:
| Yep, happened multiple times.
|
| In fairness, there is a setting to turn Facetime off
| entirely, that didn't have to wait for this feature.
| ThinkBeat wrote:
| These things are godo and bad.
|
| It is nice to make the effort, and it might be dome good. and
| allow a lot of people to feel l33t
|
| It is bad if people at proper risk think they are safe once it is
| enabled. (and those, to me, appear to be the people this is
| marketed for)
| GekkePrutser wrote:
| You're never 'safe' by toggling any switch. Opsec needs to be
| approached holistically and goes far beyond technology. This
| setting could be part of that but not the core. I would expect
| the people really at risk to be fully aware of this (or have
| people in their entourage that are). The best thing to do if
| you have state-sponsored adversaries is to assume your phone is
| being hacked.
|
| I have seen some people in such positions and sometimes they
| don't even use a smartphone at all. I don't think they would be
| tricked into feeling 'safe' with something like this. I wonder
| if it will actually prevent the attack vectors used by
| something like Pegasus.
|
| I think it will make a lot of people feel badass though :) Like
| most people that bought Phil Zimmermann's Blackphone.
| geoffeg wrote:
| I find it interesting that Lockdown Mode doesn't (yet) enable
| multiple lock screen authentication methods. Requiring Face ID
| AND a pass code could be useful. (There are rumors that Apple
| will add Touch ID back to their phones in the future. I'm not
| sure they'd keep Face ID on a phone with Touch ID but combining
| those two methods AND requiring a pass code would seem to be the
| most secure.)
|
| I'd also like to see some method for quickly wiping the phone or
| severely disabling it. A friend mentioned that a new scheme for
| thieves is to ask you for your unlocked phone at gunpoint and
| then use a cash app to transfer money to one of their accounts.
| Some way to very quickly (and covertly) wipe your phone would
| help defend against that attack. (Related:
| https://www.startribune.com/warrant-grifters-targeting-cash-...)
| gregoryl wrote:
| "If you wipe your phone, I will shoot you."
|
| A more practical defence is keeping a low balance on any
| account that can be easily accessed from the phone. Not seeing
| any real use for this functionality when faced with an
| adversary physically.
| 1123581321 wrote:
| In the theft as described from the article, it would've
| helped since the scam was based on escalating a phone
| borrowing to theft while acting like a crime wasn't
| happening.
| geoffeg wrote:
| True. If there was some way to de-auth or remove high target
| apps that might allow some level of deniability? (edit: I
| used the wrong word initially.)
| 1123581321 wrote:
| Lock or mark iPhone as lost from the watch would be a nice
| feature.
| yosito wrote:
| I wonder why all of these settings are grouped together into a
| "mode" rather than giving users control over each of them
| individually.
|
| What if I want to block USB devices, but I want to be able to use
| shared photo albums?
| oneplane wrote:
| I'd guess the following: if Apple is a company that is mostly
| trying too sell UX and seamless integration as a part of that,
| but has to break quite a lot of that every time an 'extreme'
| protection measure is used, then it stands to reason that
| they'd make the 'mess up the UX' thing all contained in one
| option.
|
| It makes for a very clear demarcation as to why the product
| doesn't work as it normally should, and an abundance of
| differentiation would remove all of the guessing as to "why is
| feature X not doing what I expect" for the user of the device.
| gpt5 wrote:
| I imagine that it's more than that - by grouping them into
| one feature, Apple can continue and improve upon lockdown
| mode without needing to opt-in the user in every update.
| unethical_ban wrote:
| Hm, it would be interesting if they had toggles for each
| feature with some kind of UI element/hint/incentive to have it
| all on.
|
| Think of how Apple maintains their image, and who they claim
| this is for. They don't want a journalist killed because they
| thought they had Lockdown Mode on, but they had link previews
| in SMS and got hit by a zero-day tracker.
| saagarjha wrote:
| I assume it would be difficult for most users to make informed
| decisions on this
| coder543 wrote:
| I agree it would be nice to have the ability to toggle some of
| these on without the others.
|
| Regarding USB devices, Apple has offered a setting for years in
| "Face ID & Passcode", under "Allow Access When Locked" called
| "USB Accessories". If you turn that off, then your iPhone won't
| allow USB accessories to connect if the phone has been locked
| for more than an hour. Not quite the same as the Lockdown
| setting, but better than nothing?
| SkyPuncher wrote:
| You can do that via MDM profiles, already.
|
| The value of grouping this into a mode is ensuring end
| operators don't miss important details.
| maybelsyrup wrote:
| Does anyone think that Lockdown Mode was allowed to roll out
| without the American security state feeling comfortable that
| they're able to defeat it by pressing a button?
| JumpCrisscross wrote:
| > _Lockdown Mode was allowed to roll out without the American
| security state feeling comfortable that they 're able to defeat
| it by pressing a button?_
|
| There is growing political consensus that given the lawless
| conduct of our adversaries, and the semi-lawful conduct of
| American intelligence, a smaller overall security cross section
| is to our advantage.
| MMS21 wrote:
| Looks like they're preparing for sideloading (LFG!)
___________________________________________________________________
(page generated 2022-09-14 23:00 UTC)