Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware.
Apple is not kidding about this being an optional level of security, either. Enabling Lockdown Mode will mean a noticeably hampered device experience. FaceTime calls from people you have not previously called will be blocked, shared photo albums are removed, and you cannot use wired accessories while your phone is locked. Here is a weird one:
Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
The reason I think this is strange is because files in an image format were implicated in Pegasus attacks, while web previews are generated on the sender’s side. But the apparent GIF files used in ForcedEntry included PDF files containing the exploit — a vulnerability in CoreGraphics which has now been patched — so perhaps Lockdown Mode would correctly parse a similar attack as a non-image attachment and block it.
A preview of Lockdown Mode is included in the beta seeds released today.
See Also: Citizen Lab’s John Scott-Railton on Twitter.