Lockdown Mode is an iPhone setting designed for rare, highly sophisticated cyberattacks, but it has taken on new attention after a U.S. investigation ran into the feature during an effort to access a seized device.
The episode centers on Washington Post reporter Hannah Natanson, whose iPhone was seized along with two MacBooks and other electronic devices when federal agents searched her home last month. The FBI reported that a specialized Computer Analysis Response Team could not extract data from the iPhone because it was protected by Apple’s Lockdown Mode, according to a court filing.
Apple describes Lockdown Mode as an “optional, extreme” protection tool aimed at reducing exposure to “extremely rare and highly sophisticated cyberattacks.” Apple’s support materials say it is not for everyone, but for “very few individuals” who could be targeted because of who they are or what they do, and that “most people will never be targeted by attacks of this nature.”
The court filing and the reporting around it also show that Lockdown Mode did not end the government’s access efforts. According to the same court materials, agents told Natanson that they “could not compel her to provide her passcodes,” but the warrant used to execute the search gave agents authority “to use Natanson’s biometrics, such as facial recognition or fingerprints, to open her devices.” The filing says Natanson did not use biometrics to lock her devices, though agents ultimately were able to unlock a MacBook using her fingerprint.
Apple has positioned Lockdown Mode as part of a broader approach to security that avoids special government access. The company previously rejected U.S. requests for “backdoor” access, including in 2016 when it refused a request to help bypass lockscreen security for an encrypted iPhone used in the San Bernardino, Calif., terrorist attack. Apple said at the time that it would be “wrong to intentionally weaken our products with a government-ordered backdoor,” and it also declined to add a capability to input passcodes electronically that would enable “brute force” guessing attempts.
For users, Lockdown Mode is available on Apple’s newer operating systems, including iOS 16 and macOS Ventura, and it works by applying strict security limits to certain apps and features, or making some unavailable, to shrink the areas that advanced spyware can attack. It also limits the kinds of browser technologies websites can use and restricts how photos can be shared.
Turning the feature on is separate for each device. Apple guidance says users should update their iPhone, iPad or MacBook, then enable Lockdown Mode in the device settings—entering a passcode to activate it rather than using facial or fingerprint authentication—after which the device restarts. Apple also recommends switching it on for all Apple devices a person owns, and users can turn it off by repeating the same process.
With Lockdown Mode enabled, Apple says some websites may load slowly or not work properly, and certain images and web fonts could be missing due to blocks on “certain complex web technologies.” The feature also changes messaging behavior by blocking most Messages attachments, and it prevents link previews and certain links. In FaceTime, incoming calls are blocked unless they are from numbers the user has called in the past month.
Apple says Lockdown Mode also affects photos and other device behaviors. In Photos, location information is stripped from shared photos and shared albums are removed from the Photos app, and Focus mode does not work normally. The setting can also tighten restrictions on connecting devices to unsecure Wi-Fi networks or to other computers and accessories.
A separate test described in the reporting illustrated how those restrictions can translate into day-to-day disruptions. The reporter said some apps warned that functions might not work, that at least one news app used a different font in some cases, and that photos on some websites did not appear. They also reported that web-based check-in using a QR code did not work because the phone camera would not function in Lockdown Mode for that scenario, while a standalone Code Scanner app still worked.
While the practical trade-offs vary by how a person uses their device, the Natanson case has put Apple’s “optional, extreme” tool into sharper focus by showing how it can limit the government’s ability to extract data from a device even under a warrant—while leaving other access routes, such as use of biometrics authorized by the court, available under the terms of that warrant.