Is it possible to browse comfortably with 'Lockdown Mode', which protects devices running iOS 16 or iPadOS 16 from spyware, enabled?



'iOS 16', the next major OS version announced by Apple at WWDC22, a developer event in June 2022, is equipped with 'Lockdown Mode', an extremely advanced security function, as a countermeasure against the spyware and hacking that are causing a stir around the world. Russell Graves, who runs a technology blog, reports on what browsing feels like with Lockdown Mode enabled.

Analyzing iOS 16 Lockdown Mode: Browser Features and Performance
https://www.sevarg.net/2022/07/20/ios16-lockdown-mode-browser-analysis/

'Lockdown Mode', which Apple ships in iOS 16, iPadOS 16, and macOS Ventura, is a function that provides an extremely high level of security for journalists, politicians, and human rights activists who are at risk of being targeted by advanced targeted spyware. Since it is a standard feature of the OS, general users can also enable Lockdown Mode on their smartphones and tablets.

iOS 16, iPadOS 16, macOS Ventura's new feature 'lockdown mode' can also block advanced spyware targeting key figures-GIGAZINE



Enabling lockdown mode makes the following changes to your device's functionality:

- Messages: Most attachments other than images are blocked and some features like link previews are disabled.
- Browsing: Complex web technologies such as the JavaScript runtime compiler are disabled unless the site is registered as trusted by the user.
- Apple services: Call invitations and service requests, including FaceTime, will be blocked unless they are from someone the user has previously called or sent a request to.
- Wired connections to PCs and accessories are blocked while the iPhone is locked.
- You will not be able to install configuration profiles or enroll devices in mobile device management.

Graves rates these features highly because they narrow, as far as possible, the openings an attacker can use to get into the device. He then browsed with Lockdown Mode enabled on a 5th generation iPad running the beta version of iPadOS 16.0 to see how it works.

To enable Lockdown Mode, turn on the toggle under 'Settings' → 'Privacy and security' → 'Lockdown mode'. When you enable it and open a browser such as Safari, you will see a message below the browser bar indicating that Lockdown Mode is enabled.



You can also disable Lockdown Mode for specific websites. With the website open, tap the 'aA' icon on the left side of the address bar to display the menu, select 'Website Settings', and turn it off under the 'Lockdown Mode' item.



Websites with lockdown mode disabled will display a message to that effect below the address bar.



Apple explains that 'complex web technologies such as JavaScript runtime compilers' are disabled when browsing in Lockdown Mode. The disabled technologies that Graves actually confirmed are as follows.

- WebRTC: A function that provides real-time communication via an API to web browsers, enabling implementation of voice chat, video chat, file sharing, etc. within web pages without installing plug-ins or downloading apps.
- WebGL: API for rendering interactive 2D and 3D computer graphics on a web browser.
- HTML5 functions: Functions related to WebRTC, voice recognition API, web audio API, etc.

In addition to the above, image files such as TIFF, BMP (24-bit), JPEG 2000 and PDF will no longer render in Safari. Because PDF rendering is disabled, a PDF file can no longer be opened in the browser, but if the PDF file is downloaded, it can be opened outside the browser.

It has also been confirmed that icons disappear on various websites. This is presumed to be not a problem with image files, but a result of custom web fonts not being downloaded.
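For web developers who want pages to keep working under these restrictions, a capability probe for the APIs listed above can drive fallbacks. This is an added example, not code from Graves's post or from Apple; the `env` parameter, the mock objects and the fallback descriptions are constructed for illustration, and it assumes a disabled API appears as a missing constructor or a refused WebGL context.

```javascript
// Added example: probe for the web APIs the article lists as disabled.
// `env` is a window-like object: pass `window` in a browser, or one of the
// constructed mocks below to run offline under Node.js.
function probeCapabilities(env) {
  const has = (...names) => names.some((n) => typeof env[n] === "function");

  // A canvas can exist while WebGL context creation is refused (null or throw).
  let webgl = false;
  try {
    const canvas = env.document ? env.document.createElement("canvas") : null;
    webgl = Boolean(canvas && (canvas.getContext("webgl") || canvas.getContext("experimental-webgl")));
  } catch (err) {
    webgl = false;
  }

  return {
    webrtc: has("RTCPeerConnection", "webkitRTCPeerConnection"),
    webgl,
    webAudio: has("AudioContext", "webkitAudioContext"),
    speechRecognition: has("SpeechRecognition", "webkitSpeechRecognition"),
  };
}

// Hypothetical fallback choices; a real site maps each gap to its own UI.
const FALLBACKS = {
  webrtc: "hide in-page calling, offer a text channel",
  webgl: "serve a static image instead of the 3D view",
  webAudio: "skip synthesized audio effects",
  speechRecognition: "show a text input instead of voice input",
};

function planFallbacks(caps) {
  return Object.keys(FALLBACKS).filter((k) => !caps[k]).map((k) => `${k}: ${FALLBACKS[k]}`);
}

// Constructed environments: one full-featured, one with everything withheld.
const fullEnv = {
  RTCPeerConnection: function () {},
  AudioContext: function () {},
  webkitSpeechRecognition: function () {},
  document: { createElement: () => ({ getContext: (t) => (t === "webgl" ? {} : null) }) },
};
const restrictedEnv = {
  document: { createElement: () => ({ getContext: () => null }) },
};

console.log(planFallbacks(probeCapabilities(fullEnv)));       // nothing to replace
console.log(planFallbacks(probeCapabilities(restrictedEnv))); // four fallbacks
```

Probing for the API rather than sniffing for Lockdown Mode itself means the same fallbacks also cover any other browser or policy that withholds these features.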



After disabling Lockdown Mode on a specific website, if you want to re-enable it without returning to the website, you can change the setting from Settings > Safari > Lockdown Mode.



You can also enable lockdown mode for all websites at once.



The problem with Lockdown Mode is that it disables the runtime compiler that is implemented to improve the execution speed of JavaScript, so the performance of web pages that implement heavy JavaScript is degraded. Graves ran the benchmark software JetStream 1.1 on configurations such as 'iPad G5' (5th generation iPad with Lockdown Mode disabled) and 'iPad G5 Lockdown' (5th generation iPad with Lockdown Mode enabled) and compared the results. Enabling Lockdown Mode on the 5th generation iPad showed a 12.9-fold decrease in performance.



On the other hand, in benchmarks using Speedometer 2.0, which measures the responsiveness of web browsers in general, covering not only JavaScript but also rendering, the performance degradation is limited to 1/1.94.



Graves reports that when he actually used Lockdown Mode, the websites he usually browses basically worked normally, and there were no problems overall. For example, Google Maps can be used basically without problems, though performance seems to deteriorate slightly when the map is enlarged.

'All I can say is "try it for yourself and see what you think". You'll definitely feel the difference in performance, so those who say "any slowdown is unacceptable!" would not like Lockdown Mode,' said Graves. Also, although the impact is greater on websites that implement heavy JavaScript, if the website is reliable, it is possible to disable Lockdown Mode for it individually.

'To call modern smartphones "targets that attackers are looking at" greatly understates the problem,' said Graves. 'You have access to everything. Your smartphone is with you, giving you access to you and the physical environment around you. Always-on high-bandwidth data, high-performance microphones, cameras, GPS, accelerometers, most of your online life, all your credentials... these are your everything.' In authoritarian nation-states, governments have reason to use spyware and hacking to monitor dissidents, so improving smartphone security is important.

Lockdown Mode also takes the approach of simply stripping out complexity and reducing the attack surface available to hacks and spyware as much as possible, rather than adding complexity to improve security. Graves seems to favor this point as well, and he rates Lockdown Mode highly. Graves argued that not only security-conscious people but also ordinary people should enable Lockdown Mode if possible, and that web developers should support browsing in Lockdown Mode.

in Mobile, Software, Web Service, Security, Posted by log1h_ik