Lock mode was introduced with iOS 16 as an extraordinary protection measure for individuals at high risk of targeted attacks. This mode imposes various restrictions, such as limiting messaging functionality, disabling wired connections, and blocking unsafe sites. When lock mode is turned on, the device needs to be restarted to ensure the changes are applied. However, researchers at Jamf Threat Threat Labs have shown that this security measure can be manipulated.Contrary to popular belief, iPhones can also be infected with malware, but this is rare. Attackers who exploit zero-day vulnerabilities and zero-click vulnerabilities can infect the user device, but these sophisticated attacks are generally costly and difficult to perform.
Fake iPhone lock mode!
Jamf Threat Labs has developed a technique that allows the iPhone to behave as if it were not in lock mode. The user switches to lock mode, the device restarts, but then the Safari browser does not take actions to protect the user and shows fake warnings. This is not a lock-mode, iPhone or iOS-related vulnerability. This technique, called tampering, only works on the device that is already infected with malware. Jamf points out that the lock mode is actually just a limitation. Lock mode does not act like anti-malware software that finds and deletes malware from the system, it just reduces the entry points available to the attacker.
Jamf thinks that manipulating the iPhone’s locking mode in this way could lull users into a false sense of security. However, as we mentioned earlier, this technique is only possible on malware-infected iPhone. Complex attacks like this are very expensive and difficult to achieve without significant resources. Therefore, an ordinary user who is not a diplomat or political journalist does not need to worry about such security risks. When Apple introduced the lock mode, it clearly stated that it was for certain people at high risk of attack.
42002
