FBI couldn't get into WaPo reporter's iPhone because Lockdown Mode enabled

Posted by robin_reala 2 days ago

FBI couldn't get into WaPo reporter's iPhone because Lockdown Mode enabled(www.404media.co)

598 points | 527 commentspage 2

hyruo 2 days ago|

In China, there is only one way to deal with this situation: when the police summon you for the first time, do not bring your phone. Before the second summons, get a new phone or completely format your old one. However, this does not apply in cases of ongoing crimes or when someone is already wanted by the authorities, as they will not be given a second chance.

niemandhier 2 days ago||

Depending on your jurisdiction faceid is safer than fingerprint, because faceid won’t unlock while your eyes are closed.

In many European countries forcing your finger on a scanner would be permissible under certain circumstances, forcing your eyes open so far has been deemed unacceptable.

Melatonic 2 days ago|

Good to know. You sure about this though ? I swear I've seen people use Face ID on someone who's sleeping

niemandhier 2 days ago|||

The flag is called: “Require Attention for Face ID”

100% sure about the legal situation in Germany.

1vuio0pswjnm7 2 days ago||

"Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make[sic] them harder to hack."

Funny to see disabling "features" itself described as "feature"

Why not call it a "setting"

Most iPhone users do not change default settings. That's why Google pays Apple billions of dollars for a default setting that sends data about users to Google

"Lockdown Mode" is not a default setting

The phrase "sometimes overlooked" is an understatement. It's not a default setting and almost no one uses it

If it is true Lockdown Mode makes iPhones "harder to hack", as the journalist contends, then it is also true that Apple's default settings make iPhones "easier to hack"

rick_dalton 2 days ago||

The intention behind lockdown mode is protection for a select few groups of people such as journalists, that are at risk of having software like Pegasus used against them. It’s to reduce the attack surface. The average user wouldn’t want most of it as a default setting, for example: almost no message attachments allowed, no FaceTime calls from people you haven’t called and safari is kneecapped. Making this a default setting for most people is unrealistic and also probably won’t help their cybersecurity as they wouldn’t be targeted anyway.

1vuio0pswjnm7 2 days ago||

A "reduced attack surface" can also be a reduced surface for telemetry, data collection, surveillance and advertising services, thereby directly or indirectly causing a reduction in Apple revenues

Perhaps this could be a factor in why it's not a default setting

brewdad 2 days ago||

Can anyone speak to the relative safety or lack thereof using FaceID on individual apps while requiring a PIN to login to the device?

I have my phone setup this way because FaceID can be so convenient. I know it opens up more attack vectors than not using it but is it possible for a powerful actor to utilize the fact that it is enabled at all to gain access to a locked phone?

kittikitti 2 days ago||

It sounds like almost all of our devices have security by annoyance as default. Where are the promises of E2E encryption and all the privacy measures? When I turned on lockdown mode on my iPhone, there were a few notifications where the random spam calls I get were attempting a FaceTime exploit. How come we have to wait until someone can prove ICE can't get into our devices?

mrexcess 2 days ago||

I trust 404 media more than most sources, but I can’t help but reflexively read every story prominently showcasing the FBI’s supposed surveillance gaps as attempted watering hole attacks. The NSA almost certainly has hardware backdoors in Apple silicon, as disclosed a couple of years ago by the excellent researchers at Kaspersky. That being the case, Lockdown Mode is not even in play.

chuckadams 2 days ago|

The NSA is not going to tip its hand about any backdoors it had built into the hardware for something as small as this.

ddtaylor 2 days ago||

It depends on if parallel reconstruction can be used to provide deniability.

chuckadams 2 days ago||

Even a parallel construction has limited uses, since you can't use the same excuse every time. The NSA probably doesn't trust the FBI to come up with something plausible.

ddtaylor 1 day ago||

That depends on how apathetic people are. Most of the time they will accept a completely garbage story and you can create infinitely many of those.

chuckadams 14 hours ago||

Sure, and that’s why juries buy the same line from cops every time, but major actors actually affected by potential backdoors are likely to be a bit more skeptical and start digging around for the real reasons.

eudamoniac 2 days ago||

My Google pixel 5a randomly requires the pin/password every couple of days and will not accept biometrics. I have always assumed this was to heavily discourage using long passwords for this very reason.

ramuel 2 days ago|

Can't they just use Pegasus or Cellebrite???

aw1621107 2 days ago|

It's unlikely that Pegasus would work since Apple patched the exploit it used.

I think it's unclear whether Cellebrite can or cannot get around Lockdown Mode as it would depend very heavily on whether the technique(s)/exploit(s) Cellebrite uses are suitable for whatever bugs/vulnerabilities remain exposed in Lockdown Mode.

More comments...