Remember...they can make you use touch id...they can't make you give them your password.

https://x.com/runasand/status/2017659019251343763?s=20

The FBI was able to access Washington Post reporter Hannah Natanson's Signal messages because she used Signal on her work laptop. The laptop accepted Touch ID for authentication, meaning the agents were allowed to require her to unlock it.

I find it so frustrating that Lockdown Mode is so all-or-nothing.

I want some of the lockdown stuff (No facetime and message attachments from strangers, no link previews, no device connections), but like half of the other ones I don't want.

Why can't I just toggle an iMessage setting for "no link preview, no attachments", or a general setting for "no automatic device connection to untrusted computers while locked"? Why can't I turn off "random dickpicks from strangers on iMessage" without also turning off my browser's javascript JIT and a bunch of other random crap?

Sure, leave the "Lockdown mode" toggle so people who just want "give me all the security" can get it, but split out individual options too.

Just to go through the features I don't want:

* Lockdown Mode disables javascript JIT in the browser - I want fast javascript, I use some websites and apps that cannot function without it, and non-JIT js drains battery more

* Shared photo albums - I'm okay viewing shared photo albums from friends, but lockdown mode prevents you from even viewing them

* Configuration profiles - I need this to install custom fonts

Apple's refusal to split out more granular options here hurts my security.

Sadly, they still got to her Signal on her Desktop – her sources might still be compromised. It's sadly inherent to desktop applications, but I'm sad that a lot more people don't know that Signal for Desktop is much, much less secure against adversaries with your laptop.

Is there an implication here that they could get into an iPhone with lower security settings enabled? There's Advanced Data Protection, which E2EEs more of your data in iCloud. There's the FaceID unlock state, which US law enforcement can compel you to unlock; but penta-click the power button and you go into PIN unlock state, which they cannot compel you to unlock.

My understanding of Lockdown Mode was that it babyifies the device to reduce the attack surface against unknown zero-days. Does the government saying that Lockdown Mode barred them from entering imply that they've got an unknown zero-day that would work in the PIN-unlock state, but not Lockdown Mode?

> Natanson said she does not use biometrics for her devices, but after investigators told her to try, “when she applied her index finger to the fingerprint reader, the laptop unlocked.”

Curious.

In China, there is only one way to deal with this situation: when the police summon you for the first time, do not bring your phone. Before the second summons, get a new phone or completely format your old one. However, this does not apply in cases of ongoing crimes or when someone is already wanted by the authorities, as they will not be given a second chance.

It seems unfortunate that enhanced protection against physically attached devices requires enabling a mode that is much broader, and sounds like it has a noticeable impact on device functionality.

I never attach my iPhone to anything that's not a power source. I would totally enable an "enhanced protection for external accessories" mode. But I'm not going to enable a general "Lockdown mode" that Apple tells me means my "device won’t function like it typically does"

Depending on your jurisdiction faceid is safer than fingerprint, because faceid won’t unlock while your eyes are closed.

In many European countries forcing your finger on a scanner would be permissible under certain circumstances, forcing your eyes open so far has been deemed unacceptable.

"Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make[sic] them harder to hack."

Funny to see disabling "features" itself described as "feature"

Why not call it a "setting"

Most iPhone users do not change default settings. That's why Google pays Apple billions of dollars for a default setting that sends data about users to Google

"Lockdown Mode" is not a default setting

The phrase "sometimes overlooked" is an understatement. It's not a default setting and almost no one uses it

If it is true Lockdown Mode makes iPhones "harder to hack", as the journalist contends, then it is also true that Apple's default settings make iPhones "easier to hack"

Can a hacked phone (such as one that was not in Lockdown Mode at one point in time) persist in a hacked state?

Obviously, the theoretical answer is yes, given an advanced-enough exploit. But let's say Apple is unaware of a specific rootkit. If each OS update is a wave, is the installed exploit more like a rowboat or a frigate? Will it likely be defeated accidentally by minor OS changes, or is it likely to endure?

This answer is actionable. If exploits are rowboats, installing developer OS betas might be security-enhancing: the exploit might break before the exploiters have a chance to update it.

Can't they just use Pegasus or Cellebrite???

Don't be idiots. The FBI may say that whether or not they can get in:

1. If they can get in, now people - including high-value targets like journalists - will use bad security.

2. If the FBI (or another agency) has an unknown capability, the FBI must say they can't get in or reveal their capabilities to all adversaries, including to even higher-profile targets such as counter-intelligence targets. Saying nothing also risks revealing the capability.

3. Similarly if Apple helped them, Apple might insist that is not revealed. The same applies to any third party with the capability. (Also, less significantly, saying they can't get in puts more pressure on Apple and on creating backdoors, even if HN readers will see it the other way.)

Also, the target might think they are safe, which could be a tactical advantage. It also may exclude recovered data from rules of handling evidence, even if it's unusable in court. And at best they haven't got in yet - there may be an exploit to this OS version someday, and the FBI can try again then.

We need a Lockdown mode for MacBooks as well!

What is she investigated for?

Previously, direct link to the court doc:

FBI unable to extract data from iPhone 13 in Lockdown Mode in high profile case [pdf]

https://storage.courtlistener.com/recap/gov.uscourts.vaed.58...

(https://news.ycombinator.com/item?id=46843967)

Can anyone speak to the relative safety or lack thereof using FaceID on individual apps while requiring a PIN to login to the device?

I have my phone setup this way because FaceID can be so convenient. I know it opens up more attack vectors than not using it but is it possible for a powerful actor to utilize the fact that it is enabled at all to gain access to a locked phone?

My Google pixel 5a randomly requires the pin/password every couple of days and will not accept biometrics. I have always assumed this was to heavily discourage using long passwords for this very reason.

It sounds like almost all of our devices have security by annoyance as default. Where are the promises of E2E encryption and all the privacy measures? When I turned on lockdown mode on my iPhone, there were a few notifications where the random spam calls I get were attempting a FaceTime exploit. How come we have to wait until someone can prove ICE can't get into our devices?

I trust 404 media more than most sources, but I can’t help but reflexively read every story prominently showcasing the FBI’s supposed surveillance gaps as attempted watering hole attacks. The NSA almost certainly has hardware backdoors in Apple silicon, as disclosed a couple of years ago by the excellent researchers at Kaspersky. That being the case, Lockdown Mode is not even in play.

Samsung phones have the Secure Folder which can have a different, more secure password and be encrypted when the phone is on.

I guess they got a 404

Given Cook's willing displays of fealty to Trump this time around I wouldn't be shocked if they were to remove lockdown mode in a future release.

Little too late for 1000 people hacked by pegasus.

For now! They’ll get something from open market like the last time when Apple refused to decrypt (or unlock?) a phone for them.

Every time I see these articles about iphones posing trouble for authorities, I always think of it as free (and fraudulent) advertisement.

I could be naive, but just don't think they'd really have any difficulty getting what they needed. Not that I give a fuck, but I guess I've seen one too many free ads.

They just need to ask apple to unlock it. And they can't really refuse under US law

Every time something like this happens I assume it is a covert marketing campaign.

If the government wants to get in they’re going to get in. They can also hold you in contempt until you do.

Don’t get me wrong, it’s a good thing that law enforcement cant easily access this on their own. Just feels like the government is working with Apple here to help move some phones.