How Apple’s Lockdown Mode may not be secure for web browsing


Apple is set to introduce the new Lockdown Mode with iOS 16. This new feature from the Cupertino-based tech giant is said to increase the security of the iPhone significantly. However, a recent report claims that the way this feature works could reduce the device’s privacy while online browsing.
What is Apple’s Lockdown Mode
Lockdown Mode is an “extreme security setting” which is designed for high-risk groups like — journalists, politicians and other important figures — who can be targeted by nation-states or other cyber attackers. This feature disables multiple functions like — blocking message attachments and web technologies.
How this feature can make web browsing unsafe
According to a report by Motherboard (Vice), the Lockdown Mode’s feature restriction method can help websites to figure out if someone is using this high-security setting. The report mentions that websites can detect if some regular features like — custom fonts — are missing on a device. This process is reportedly known as fingerprinting which depends on collecting information about a user’s browser, device and other metrics.

Considering that, the websites are capable of identifying a user’s IP address by connecting them to their’s iPhone’s Lockdown Status. The report claims that this loophole can eventually turn this high-risk security mode into a privacy risk and explains the feature as “trading anonymity online with higher security”.
Another report by AppleInsider suggests that the Lockdown Mode in Apple devices “makes you safer, but also makes you easier to identify in a crowd.” A proof of concept was also reportedly demonstrated that was able to detect whether a user is in Lockdown Mode in about “five minutes,” the report notes.
How websites are detecting the Lockdown Mode
Meanwhile, the report has made it clear that the ability of websites to detect if a device is in Lockdown Mode is not for any bug, but an outcome of how the system is designed to make iPhones more secure. There are now ways to mitigate these privacy drawbacks, the report adds.
As per the report, similar privacy-focused platforms like the Tor browser also have the same issues. As Tor reportedly puts in a lot of effort to reduce website fingerprinting, users of the browser usually end up “standing out” as their browsers are the only ones with a set of specific settings.

Apple’s take on the situation
The report also mentions that Apple is aware of this loophole and has explained that the feature intentionally disables web fonts to reduce the online attack surface. The company mentioned that it wouldn’t make sense to make an exception for custom fonts due to the threat model that Lockdown Mode addresses.
Another security researcher has claimed that if enough users turn on Lockdown Mode, they’ll blend in with the others and it will be very difficult for websites to detect any specific target.



Read original article here

Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More