We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

iPhone Fake Lockdown Mode Threat Uncovered

iPhone Fake Lockdown Mode Threat Uncovered
Author Image Zane Kennedy
Zane Kennedy Published on 8th December 2023 Cybersecurity Researcher

In an alarming revelation for iPhone users, Jamf Threat Labs has uncovered a sophisticated cybersecurity threat termed "Fake Lockdown Mode." This form of post-exploitation tampering is designed to deceive users into believing their Apple iPhone is secure in Lockdown Mode when, in reality, it is not.

Researchers Hu Ke and Nir Avraham from Jamf Threat Labs have detailed how this method effectively mimics the visual aspects of Apple's Lockdown Mode, a security feature introduced in iOS 16. By reducing the device's attack surface, Lockdown Mode was developed to safeguard high-risk individuals from advanced digital threats, such as state-sponsored spyware. However, it does not prevent malware operation on already compromised devices.

Fake Lockdown Mode allows attackers to manipulate a compromised device to display Lockdown Mode indicators, thus creating a false sense of security among users. This is particularly concerning for high-profile targets like journalists, government officials, and executives who rely on Lockdown Mode for heightened protection against cyber espionage.

Jamf's research highlights that, while effectively reducing potential entry points for attackers, Lockdown Mode is not a cure-all. It doesn't function as antivirus software and cannot detect or stop malware that has already breached the device's defenses. The illusion of security created by the Fake Lockdown Mode potentially leads users into a false sense of complacency, undermining the security feature's intent.

In their technical report, Jamf Threat Labs demonstrates the ease with which an attacker can manipulate Lockdown Mode settings and user interface elements, such as Safari's Lockdown Mode indicators, to create a convincingly false security environment. The research also noted that with iOS 17, Apple enhanced the security of Lockdown Mode by integrating it into the kernel level. However, this advancement does not counteract post-exploitation tampering techniques like the Fake Lockdown Mode.

This development is particularly alarming given the recent detection of the BLASTPASS exploit chain in September 2023, targeting the latest iOS versions. Apple has confirmed that activating Lockdown Mode could thwart such attacks, so techniques like Fake Lockdown Mode introduce new vulnerabilities.

The Jamf report serves as a crucial reminder for users about the importance of understanding the limitations of security features like Lockdown Mode. It underscores the need for users to keep their devices updated with the latest software versions and to remain vigilant about potential security threats.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.