← Back to context

Comment by orf

16 hours ago

This makes sense if you’re a human-rights journalist working in a dangerous country, with the threat of state-level actors looking to compromise you.

If you’re not then this seems quite paranoid, bordering on LARPing.

16 comments

orf

Reply
Gigachad  9 hours ago

I turned it on a week ago to see what it was like. I expected it to be significantly annoying, but I found basically nothing changed other than a bit of text in safari that says it's in lockdown mode. Otherwise I wouldn't have been able to to tell the modes apart. I was expecting the browser to be slower without JIT or use more battery but I haven't noticed any change, it's all still snappy.

Apple over hypes the "you need to be in significant danger" part. Basically anyone can turn this on and it's fine. The UX seems mostly exactly the same either way.

  • saagarjha  1 hour ago

    I take it that you mostly communicate with other people using services that are not iMessage.

    • Gigachad  1 hour ago

      I’m not a heavy iMessage user but I use it a bit and I haven’t noticed a difference there either. Photos still load, maybe pdfs wouldn’t work?

      1 reply →

tucnak  15 hours ago

I thought it was common knowledge that all kinds of Americans (not to mention other nations) are routinely compromised with zero-clicks, mostly developed in the US and Israel.

  • bayesnet  15 hours ago

    This is the kind of assertion without evidence that just muddies the waters. “All kinds” of people is so vague as to be an almost entirely vacuous category and “routine” means almost nothing without an actual quantification of how prevalent and frequent the problem is.

    It’s undeniable that the proverbial guns for hire make it easy (if not cheap) to target basically anyone — but just because the vibes are bad doesn’t mean we can just say “it’s common knowledge that …”

    The fact is mitigations are costly in terms of convenience and ease of use. Helping people make informed choices about whether to enable mitigations and bear that cost requires more than platitudes imo

lightedman  16 hours ago

"If you’re not then this seems quite paranoid, bordering on LARPing."

There are sooooooo many other situations where such device lockdown is warranted. Government intrusion, sensitive industry, journalism, anything ITAR/EAR covered, and more. Your reduction to a single issue is absurd.

Veserv  15 hours ago

LARPing is imagining that Lockdown mode protects you from state-level actors. It is frankly baffling why a industry that has been laughing for literal decades at even the possibility of stopping state-level actors just turns around and uncritically believes Apple's marketing team with literally zero support, evidence or proof except for a long track record of failure. You would think that extraordinary claims would demand extraordinary evidence.

We have seen multiple software hacks resulting in >10 million dollar payouts. Apple's bug bounty program only pays out 4 million dollars (2 million dollars (2x) more than non-Lockdown) for a zero-click total compromise that can trivially worm to take down hundreds of millions of iPhones simultaneously. Even at the low end of that cyberattack payout range that is still a >2x ROI if your successful cyberattack depends on a iPhone zero-click, with many publicly known attacks being in the 10x ROI range. Lockdown mode, at best, raises the bar slightly for commercial profit-motivated attackers and reduces their profit margin from wildly profitable to slightly less, but still, wildly profitable.

And of course I am using the Apple bug bounty program as merely a available metric with at least some semblance of objective support. There are zero certifications, audits, or analysis that Apple has even attempted that would confirm any claim of protection against state level actors.

  • bri3d  13 hours ago

    I strongly disagree that there is no evidence that Lockdown mode is effective; there have been numerous exposed, active iOS exploitation campaigns of which none have worked against Lockdown mode. When we're trying to prove a negative, that's actually some of the strongest evidence we can get.

    The economics of the device exploitation industry are completely orthogonal from bug bounty payouts; the markets only overlap at the _extreme_ fringes. Trying to use one as a proxy for the other is meaningless.

    • saagarjha  1 hour ago

      I don't necessarily disagree but a lot of chains will bail out if they find like the Norton Antivirus app on your phone so

  • orf  14 hours ago

    > We have seen multiple software hacks resulting in >10 million dollar payouts

    This sets a nice price bar for exploitation. Is someone willing to pay 10+ million dollars to get access to your phone?

    The obvious caveat here is that for a lot less than 10 million dollars someone can be hired to hit you with a metal pipe until you give up your passcode.

    > click total compromise that can trivially worm to take down hundreds of millions of iPhones simultaneously

    Where is the profit motive in doing this? Possibility is one thing, but a realistic threat is another.

    • microtonal  14 hours ago

      Is someone willing to pay 10+ million dollars to get access to your phone?

      Not yours specifically usually, but there is a lot of money in a general tool that law enforcement can use to read out phones. Of course, most of them focus on physical access. In the few Cellebrite reports/presentations that have leaked, iPhones would fall after a relatively short time (IIRC a few months), but did better than most Android phones (except GrapheneOS).

      Also, sometimes you do not need the 10M exploit, you can buy many cheaper exploits and make a chain yourself.

      The obvious caveat here is that for a lot less than 10 million dollars someone can be hired to hit you with a metal pipe until you give up your passcode

      If they hit you with a metal pipe, it's likely that you won't survive even if you give up your passcode. So most likely you are protecting something or someone else. Set up a duress PIN so that you have options in that case.

    • Veserv  14 hours ago

      ... really? Zero-click RCEs can be used on arbitrarily many phones until they are discovered which usually takes on the order of months. You do not need to burn them on every individual target.

      As a example of how they might be used in that fashion for profit, NSO group had a revenue of 240 million dollars in 2020. Many of their customers were governments who wanted to spy on activists and journalists. NSO group was in the business of economies of scale to democratize access to journalist devices by reusing a small stockpile of exploits across many targets with enough revenue to assure a steady stream of new exploits as fast as they were burned.

      2 replies →