IBM Security MaaS360

 View Only

Apple Lockdown Mode

By Kiran Kumar Naidu Srp posted Sat April 06, 2024 09:37 AM

  

Authors: @Kiran Kumar Naidu Srp and @Gokarna Jaiswal

Introduction: 

In the ever-evolving landscape of digital security, cybersecurity threats are evolving exponentially, and it is imperative to keep your devices safe. The devices remain susceptible to various cyber threats, including malware, phishing attacks, and unauthorized access. Sophisticated attackers might exploit vulnerabilities in messaging apps, web browsers, or other services.

Apple continues to push the boundaries with innovative features, for its iPads, iPhones, Watch and MacBooks, apple provides an extreme protection mode called Lockdown Mode majorly to protect its high-end users such as government officials, corporate executives, journalists, activists, and other users who are susceptible to cyber-attacks. 

When Lockdown Mode is enabled, your device won’t function like it usually would. To reduce the attack surface that could potentially be exploited by highly targeted covetous spyware, certain applications, websites, and features will be strictly limited for security, and some of the experiences may not be available at all.

Applicable OS versions:

1.             iOS 16 or later.

2.             iPadOS 16 or later.

3.             watchOS 10 or later.

4.             macOS Ventura or later.

Configuring lockdown mode on the device:

Settings → Privacy & Security → Lockdown Mode → ON/OFF


Note:

  • MDM configuration profiles can’t be installed, and the device can’t be enrolled in Mobile Device Management or device supervision while in Lockdown Mode.
  •  A device that is enrolled in Mobile Device Management before Lockdown Mode is enabled remains managed. System administrators can install and remove configuration profiles on that device.
  • Lockdown Mode is not a configurable option for Mobile Device Management by system administrators, as it’s designed for the very small number of individual users who might be targeted by extreme cyber-attacks.
  • If the lockdown mode is enabled on your device, you would see the following alert from Apple when apps are opened - "Lockdown Mode is Turned ON for MaaS360 - Certain experiences and features may not function as expected. You can turn off Lockdown Mode for this app in Settings". Screenshot below:

 

Lockdown Mode and MaaS360:

MaaS360 will help you provide additional security capabilities on top of the Lockdown Mode, making the end points (Apple Devices) robust and secure. MaaS360 also monitors devices with the aim of identifying suspicious activities and responding to security threats in real-time. When a threat is detected, MaaS360 initiates the predefined remediation action and shares threat intelligence with the MaaS360 portal.

Our capabilities work in perfect sync with apple’s lockdown mode and gives the device a virtual shield for the cyber attacks. We have tested the major workflows that our MaaS360 customers intend to use while the lockdown mode is enabled on the device. Various touch points are working as expected when lockdown mode is enabled, some of them include:

Unified Endpoint Management

App distribution, Policies and Settings, Device action, Rules, Locations etc.

Mobile Threat Defence

Phishing Protection, Compliance, Sim Change Detection, Quarantine, Malware detection etc.

Mobile Enterprise Gateway and Location

MEG3 VPN, Location access from MaaS360 agent app etc.

A Use Case :

  • Imagine a corporate executive attending a high-stakes negotiation. 
  • Lockdown Mode is activated to prevent unauthorized access during sensitive discussions.
  • MaaS360 ensures that critical communication channels remain secure.
  • The executive collaborates with trusted colleagues, accesses essential apps and settings, and protects sensitive data.

Non MDM features/apps which might get impacted on Lockdown mode:

These are some of the apps/features that apple has documented which will have certain impact on the functionality when lockdown mode is enabled on the device.

Feature/App

Impact

🛜

Wireless connectivity
Your device won’t automatically join non-secure Wi-Fi networks and will disconnect from a non-secure Wi-Fi network when you turn on Lockdown Mode. 2G mobile support is turned off.

🔗

Device connections
To connect your iPhone or iPad to an accessory or another computer, the device needs to be unlocked. To connect your Mac laptop with Apple silicon to an accessory, your Mac needs to be unlocked and you need to provide explicit approval.

📷

Photos

When you share photos, location information is excluded. Shared albums are removed from the Photos app, and new Shared Album invitations are blocked. You can still view these shared albums on other devices that haven’t enabled Lockdown Mode.

💬

Messages

Most message attachment types will be blocked, other than certain images, video and audio. Some features, such as links and link previews, will be unavailable.

🌐

Web Browsing

Certain complex web technologies will be blocked, which may cause some websites to load more slowly or to not operate correctly. In addition, web fonts may not be displayed, and images may be replaced with a missing image icon.


Facetime

 Incoming FaceTime calls will be blocked unless you’ve previously called that person or contact. Features such as SharePlay and Live Photos are unavailable.

Apple services

Incoming invitations for Apple services, such as invitations to manage a home in the Home app, are blocked unless you have invited that person previously. Game Center is also disabled.

Conclusion :

MaaS360 is a comprehensive mobile security solution designed to safeguard mobile devices in today’s dynamic workplace and has a proven track record of maintaining a good cybersecurity posture, and efficiently protects against advanced threats, all while ensuring a positive user experience. While Lockdown Mode restricts certain functions, MaaS360 maintains a balance. Users can still access necessary apps and services without compromising security. Together, Apple Lockdown Mode and MaaS360 create a robust defence against sophisticated attacks. Lockdown Mode provides the initial lockdown, while MaaS360 adds layers of control, threat detection, and management.

References :

  1. About Lockdown mode : https://support.apple.com/en-in/105120 
  2. Restrictions that don't work on lockdown mode :  https://developer.apple.com/documentation/devicemanagement/restrictions
  3. Apple developer forum lockdown mode discussion : https://forums.developer.apple.com/forums/thread/710176
  4. Harden your iPhone from a cyberattack with Lockdown Mode - https://support.apple.com/en-in/guide/iphone/iph049680987/ios
2 comments
47 views

Permalink

Comments

Wed April 17, 2024 06:33 AM

Surprised to see that MaaS360 works even in Lockdown Mode but adds a layer of security!! Informative read! 

Mon April 08, 2024 11:58 AM

Thank you Kiran for this great blog entry, very helpful!