Web sites Can Determine If You’re Utilizing iPhone’s New ‘Lockdown’ Mode

A woman using an iPhone.

Picture: Urupong/Getty Photographs

As soon as Apple launches the brand new iPhone and iPad working system early subsequent month, customers will have the ability to activate a brand new privateness mode that the corporate calls “excessive.” It’s made for journalists, activists, politicians, human rights defenders, and anybody else who could also be nervous about getting focused by refined hackers, maybe working for governments armed with spy ware made by corporations equivalent to NSO Group. Apple calls it “Lockdown Mode” and it really works by disabling some common iPhone options which were exploited to hack customers previously. 

But when customers activate Lockdown Mode, they are going to be straightforward to fingerprint and establish, in line with a developer who created a proof of idea web site that detects whether or not you may have Lockdown Mode enabled or not. In different phrases, Lockdown Mode customers shall be straightforward to detect and they’re going to stand out as a result of Lockdown Mode will presumably be comparatively unusual.

John Ozbay, the CEO of privateness centered firm Cryptee, and a privateness activist, instructed Motherboard that any web site or on-line advert can detect whether or not some common options are lacking, equivalent to loading customized fonts, one of many options that Lockdown Mode disables. 

“To illustrate you are in China, and also you’re utilizing Lockdown Mode. Now, any web site that you just go to might successfully detect you might be utilizing Lockdown Mode, they’ve your IP handle as properly. So they are going to truly have the ability to establish that the consumer with this IP handle is utilizing Lockdown Mode,” Ozbay stated in a name. “It is a tradeoff between safety and privateness. [Apple] selected safety.”

Do you, or did you used to, work at Apple? We would love to listen to from you. Utilizing a non-work cellphone or pc, you’ll be able to contact Lorenzo Franceschi-Bicchierai securely on Sign at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or electronic mail lorenzofb@vice.com

Ozbay stated that there are a number of options that Lockdown Mode disables, and that web sites might detect, however the lack of loading customized fonts is “the best factor to detect and exploit.”

“It took us 5 minutes to place the code collectively and see if this was working,” he stated. 

This challenge, which is technically not a bug however only a particular downside of how Lockdown Mode is designed, might paint a large goal on the again of customers who’re seemingly Apple’s most weak customers. There sadly could also be no method round it.

“As for fingerprinting, it’s sadly a commerce off we all the time must take care of. The identical is true of Tor and the Tor Browser—they go to very large lengths to scale back any fingerprinting capacity however you find yourself standing out since you’re the one with much less traceable fingerprints,” Ryan Stortz, an unbiased safety researcher who has studied iOS, instructed Motherboard. 

Ozbay created a proof-of-concept web site that detects whether or not the customer is utilizing Lockdown Mode. Motherboard verified it really works by visiting the web site with an iPhone with out Lockdown Mode enabled, and asking Stortz, who has Lockdown Mode enabled, to go to the positioning.


A screenshot of the proof-of-concept web site created by Ozbay. (Picture: Motherboard)

Ozbay reached out to an Apple worker on Twitter and had a dialog with him in regards to the points he discovered. The worker, in line with screenshots of their chat, instructed him that “net fonts are disabled deliberately to take away font parsing from obtainable net assault floor,” and that “watering gap assaults are a part of our menace mannequin, so I am undecided it could make sense to have net font exceptions per website.” (Watering gap assaults are exploits the place hackers lure a sufferer to a identified web site the place they injected malware, or a copycat of a identified web site that serves malware.)

In different phrases, there’s nothing Apple can do proper now to mitigate this challenge with out essentially altering how Lockdown Mode works.

Apple didn’t reply to a request for remark. 

Even when Apple doesn’t make any modifications, Stortz hopes that if sufficient individuals activate Lockdown Mode, everybody will mix in and will probably be more durable to be recognized as an attention-grabbing goal.

“Clearly it’s important to decide into Lockdown Mode and are sorta signaling that you just suppose you’re doubtlessly of curiosity to a nation state attacker however Apple additionally made it painfully straightforward to activate,” he stated. “So ideally you’d be misplaced within the crowd of people who find themselves extra privateness aware with out the focused spying issues.” 

UPDATE, Friday Aug. 26, 11:24 a.m. ET: This story has been up to date to make clear that Lockdown Mode customers shall be straightforward to detect and they’re going to stand out, however is not going to essentially be straightforward to fingerprint individually.

Subscribe to our podcast, CYBER. Subscribe to our new Twitch channel.

Supply hyperlink