Raw Record Source

{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreif4373ozkocjkwiaaomgdkd3bt3xnkh5wle2fv3crgfjlnhqx6oxq",
    "uri": "at://did:plc:ei7bjz4znfapbhkcszctjjd6/app.bsky.feed.post/3me5ws6tn66n2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiawyfopsznmq7zirzptl2oua3sm2ldexdex6ipqpk7vo7epwdhaie"
    },
    "mimeType": "image/jpeg",
    "size": 43145
  },
  "path": "/article/4128184/this-is-why-high-value-targets-should-use-lockdown-mode.html",
  "publishedAt": "2026-02-05T16:49:30.000Z",
  "site": "https://www.computerworld.com",
  "tags": [
    "Apple, Endpoint Protection, iOS Security, Mobile Security, Security",
    "has the answer",
    "ongoing investigation about alleged leaks of classified information to the media",
    "controversially raided the home of _Washington Post_ reporter Hannah Natanson",
    "Apple says",
    "warn customers in 84 countries",
    "Lockdown Mode",
    "such as the UK",
    "BlueSky",
    "LinkedIn",
    "Mastodon"
  ],
  "textContent": "If you’ve ever wondered how secure Apple’s Lockdown Mode is, the Federal Bureau of Investigations (FBI) has the answer — and it’s good news for journalists, business leaders, civil leaders, or anyone who has to handle confidential data.\n\nAs part of an ongoing investigation about alleged leaks of classified information to the media, the FBI controversially raided the home of _Washington Post_ reporter Hannah Natanson, seizing the journalist’s electronic devices, including an iPhone.\n\nThe iPhone was in Lockdown Mode at the time of the raid, so the FBI took the device to its Computer Analysis Response Team (CART), which attempted and failed to access the information it carried because the iPhone was in Lockdown mode. This is likely because the mode prevents wired connections between the iPhone and a computer or accessory when it is enabled, as US law enforcement seems to use a variety of peripherals to undermine security.\n\nIt is a great example of an Apple feature doing what it is intended to do.\n\n## **Massive attacks are taking place**\n\n“Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats,” Apple says.\n\nWe already know surveillance-as-a-service firms are targeting individuals that fit Natanson’s profile, just as they target business and political leaders, dissidents, celebrities and others. Only last December, Apple had to warn customers in 84 countries that they might have been targeted by such attacks. It has warned people in 150 nations to date.\n\nIf you imagine a police raid against a journalist outside the US, it becomes much easier to recognize the value Lockdown Mode provides. It means journalists and other high-value targets can more safely use locked-down devices for their work.\n\nThe reporter could not prevent investigators from forcing her to unlock her Touch ID-enabled MacBook, as police can compel suspects to unlock biometrically protected devices. Natanson did not share the passcode to her non-biometric personal laptop, which remains a closed MacBook to authorities.\n\n## **What Lockdown Mode is and how it works**\n\nIntroduced in 2022, Lockdown Mode delivered a double whammy, massively increasing device security while also making complex attacks even more expensive to develop and make. Apple describes the protection as “sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.”\n\nEnabled in the **Privacy & Security** pane on Settings on iPhone, Lockdown Mode compromises what you can do with your iPhone in exchange for the protection it provides.\n\nWhen enabled, those compromises include:\n\n  * Most message attachment types other than images are blocked.\n  * Link previews, are disabled.\n  * Biometric authorization no longer works.\n  * Certain complex web technologies, such as just-in-time (JIT) JavaScript compilation, are disabled.\n  * Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously contacted the other party.\n  * Wired connections with a computer or accessory are blocked.\n  * Configuration profiles cannot be installed.\n  * The device cannot enrol in mobile device management (MDM) systems.\n\n\n\nRestrictions operate at the OS kernel and sandboxing level, making them extremely resilient to any attempted tampering. That resilience means Lockdown Mode protection is extremely difficult for attackers to overcome.\n\nWe don’t know where that resilience ends, we don’t know whether the FBI in this case has access to more powerful systems with which to attack Natanson’s phone. However, we do now know for certain that Lockdown Mode can deliver the degree of protection high-value targets may require.\n\nIf nothing else, such protection might buy targets a little time when the state or other antagonists demand access to confidential sources. If you are a high-value target, it makes sense to ensure you enable this protection during high-risk activities such as when traveling, while involved in sensitive negotiations, or if you receive a threat notification. You should also use long and complex alphanumeric passwords.\n\n## **Not for the everyone?**\n\n“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Ivan Krstić, Apple’s head of Security Engineering and Architecture, said when introducing the protection four years ago.\n\nIt is, of course, widely recognized that Apple’s platforms are intrinsically secure. But Apple boosts this with additional optional security features, including Advanced Data Protection to encrypt device backups and Wallet Passes, and a feature called Inactivity Reboot; the latter makes devices reboot after being left inactive for some time, forcing a password to be used to unlock it again.\n\nApple also offers bounties to security researchers who can break Lockdown Mode and regularly updates security protection across all its platforms.\n\nThe company clearly understands that in the online world, no one is safe until everyone is safe. That’s true despite ongoing tension between digital privacy and law enforcement, particularly in heavily surveilled regimes such as the UK.\n\n_You can follow me on social media! Join me onBlueSky, LinkedIn, and Mastodon._",
  "title": "This is why high-value targets should use Lockdown Mode"
}