Apple says that “Safety Check can be helpful to users whose personal safety is at risk from domestic or intimate partner violence by quickly removing all access they’ve granted to others.”
To access the features, go to Settings, then Privacy & Security, and then Safety Check.
Lockdown Mode is different in the sense that it is almost a parallel universe that users can move their iPhones into where luxuries like link previews in Messages, shared albums in Photos, and FaceTime calls from phone numbers and accounts you haven’t called before are all blocked. In exchange, the goal is to make it much more difficult for commercial spyware vendors to discover and take advantage of complex exploit chains that combine vulnerabilities in multiple iOS features to take control of devices.
“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Apple’s head of security engineering and architecture, Ivan Krstić, said when the feature was announced in July. “That includes continuing to design defenses specifically for these users.”
Turn on Lockdown Mode in iOS 16 by going to Settings, then Privacy and Security, then Lockdown Mode.
Though Apple doesn’t intend either feature to become a hot trend for most users, the fact is that the tools may find audiences and use cases beyond their intended populations. And when it comes to Lockdown Mode, in particular, one can only imagine what strategies researchers and attackers alike may develop to attack even this most hardened version of commercial iOS. But both features offer new and expanded opportunities for users to make it more difficult for adversaries of all sorts to achieve the level of access they seek. And both make it easier for Apple to fix new vulnerabilities and workarounds that arise more easily. Rather than having to make substantial changes, Apple can simply refine Safety Check and Lockdown Mode to address the latest concern.
“There’s been some debate about whether Lockdown Mode will actually prevent spyware attacks like infections from NSO Group’s Pegasus,” Malwarebytes Reed says. “It’s possible it won’t prevent all possible means of infection, but it reduces the attack surfaces and makes it harder for attackers. As much as I’d personally like to be able to have greater visibility into iOS, I think Apple’s doing the right thing.”
Apple’s App Store, though, is one domain that Lockdown Mode and Safety Check don’t address. Researchers have found malicious apps that got approved for the App Store in the past, and as other avenues are closed off to attackers, they may increasingly refine their techniques for developing stealthily malicious apps in an attempt to make up ground.
“The specific elements of Lockdown Mode give us insight into what Apple sees as the most common attack vectors on an iPhone today,” Corellium’s Gorton says. But “Lockdown Mode doesn’t seem to restrict access to third-party apps. It’s possible that as Apple limits the attack surface for native features, the attack focus may increasingly shift to apps from the App Store. That could be problematic for a couple of reasons. One, we know these these apps undergo relatively limited review before making it to the App Store. And two, this would increase the burden of security mitigations on third-party developers, but the locked-down nature of iOS makes it increasingly difficult for app developers to adequately test the security of their own apps.”
Apple’s changing philosophy on specialized security and privacy protections is a welcome step, but it may apply its own evolutionary pressures to the iOS security field that move attackers’ focus without dampening their zeal.
