In January, the FBI made headlines after it raided the home of Washington Post reporter Hannah Natanson. It was a shocking case of law enforcement not just overriding one journalist’s privacy, but the integrity of the entire news organization. The devices the FBI seized—which included personal devices as well as a Washington Post-issued laptop—contained Natanson’s personal contacts, correspondences, and the Slack channels of the Washington Post itself.
But while the FBI was able to access some of the devices, it was not able to access Natanson’s iPhone. That’s because the device was in Lockdown Mode, which prevented the FBI’s Computer Analysis Response Team (CART) from breaking into it. This isn’t a setting that is exclusive to journalists: You have this option baked into your iPhone as well, and can choose to turn it on at any time. The thing is, unless you’re a high-profile target, you probably don’t want to.
How does Lockdown Mode work?
Lockdown Mode is an option on iPhones, iPads, Apple Watches, and Macs, designed for users who could be the target of sophisticated cyberattacks. Think politicians, businessmen, activists, and, of course, journalists—really, anyone high-profile that works or takes action in a way that could draw the ire of powerful organizations or governments.
Because attackers target devices with spyware, the goal of Lockdown Mode is to reduce the attack surface of your device in order to prevent potential cyberattacks from working. Attackers can install spyware on a target’s device in a number of ways, through links, attachments, wired connections, and file downloads, the same way you can install malware by clicking a malicious link in an email, or downloading a corrupt extension from the web. Lockdown Mode locks down these vulnerabilities and eliminates as many potential attack routes as possible.
To achieve this, Lockdown Mode severely impacts a number of functions you may use on your device every day. According to Apple, that includes the following:
-
Messages: Lockdown Mode will block most message attachment types, other than “certain images, video, and audio.” Links and link previews are blocked.
-
Web browsing: The feature blocks “complex web technologies,” which could impact how certain websites load or function. You may not see certain web fonts, and you may see missing image icons in place of pictures.
-
FaceTime: Incoming FaceTime calls are blocked, except for contacts you have called within the past 30 days. You can’t use SharePlay or take Live Photos in FaceTime calls.
-
Apple services: Invitations to Apple services like invites to manage a smart home are blocked, unless you have previously invited that person. GameCenter will not work, and Focuses will not work “as expected.”
-
Photos: Lockdown Mode strips photos of their location data when you share them, and shared albums are taken out of your Photos app. You won’t be able to receive new shared album invites. You can still see shared albums on devices that don’t have Lockdown Mode enabled.
-
Device connections: Your device needs to be unlocked before it can communicate with another computer. In addition, your Mac also requires your explicit approval before the connection can be made.
-
Wireless connectivity: You won’t automatically join non-secure wifi networks, and you will disconnect from existing non-secure wifi networks. Lockdown Mode also blocks 2G and 3G cellular support.
-
Configuration profiles: You can’t install configuration profiles, and the device can’t enroll in Mobile Device Management.
Apple makes a point to say that phone calls and “plain text messages” will work as normal, however incoming calls won’t ring on your Apple Watch. Emergency SOS also will continue to work.
These restrictions make it much more difficult for a bad actor to install spyware on your device, though it also makes it more difficult to use your device. A shared album invite could contain malware, but by removing the feature entirely, you miss out on photos from friends and family. Any spyware coming from a malicious link or image will be blocked, but if you frequently send photos, videos, and other attachments in Messages, you’ll miss out.
What do you think so far?
That’s why these measures are really designed only for individuals who think they’ll be targeted by sophisticated actors. It seems that could include governments secretly installing spyware on targets’ devices, or the FBI stealing your device in a raid. It’s worth noting that the FBI was able to access Natanson’s other devices, including a MacBook Pro that unlocked with her fingerprint. The agency’s warrant compelled Natanson to unlock her devices with biometrics if they were enabled. Lockdown Mode could not have prevented that, so it’s not clear why the FBI didn’t force Natanson to unlock the iPhone in question, too.
How to turn on Lockdown Mode
If you understand the restrictions, but still want to try Lockdown Mode, you’ll need to be running the following software version on each of the Apple devices you want to use Lockdown Mode with:
Apple says “additional protections” are available for iOS 17, iPadOS 17, or macOS Sonoma or later. In addition, you should update your device to the latest software version before turning on Lockdown Mode if you want all the latest protections.
You can turn on Lockdown Mode on any of your Apple devices, but you must do so individually on each. You’ll find the option at the bottom of the “Privacy & Security” section in Settings (System Settings on Mac). Hit “Turn On Lockdown Mode,” then review the pop-up that appears and choose “Turn On Lockdown Mode” again. You’ll need to choose to “Turn On & Restart,” then enter your device’s password or passcode for the feature to take effect.
