iPhone Lockdown Mode is so good even the FBI can’t crack it

FBI tech specialists have been unable to gain access to a journalist’s iPhone because it was in Lockdown Mode, court filings reveal.

As part of an investigation into the suspected leaking of classified data by a Pentagon contractor, the FBI last month raided the home of Washington Post reporter Hannah Natanson and confiscated a wide range of devices, including an iPhone 13 and two MacBook Pros. They were able to access one of the MacBooks by pressing Natanson’s fingertip on the Touch ID sensor (which was permitted under the terms of the search warrant), but they had no such luck with the iPhone.

“The iPhone was found powered on and charging, and its display noted that the phone was in ‘Lockdown’ mode,” representatives of the FBI report in a filing (via 404 Media) which opposes the return of the devices. “Because the iPhone was in Lockdown mode, [the Computer Analysis Response Team] could not extract that device.”

As 404 observes, the filing was made roughly two weeks after the raid, which implies that FBI specialists were unable to break through Lockdown Mode for that length of time. This gives us a rare glimpse into the feature’s effectiveness.

Lockdown Mode is a niche and rarely discussed iPhone security feature, an ultra-high-privacy setting, which was added in the iOS 16 software update back in 2022. It’s intended for iPhone owners working in specialised fields, such as journalism and political activism, where they could be targeted by state-sponsored spyware. The mode disables many features and impacts performance, but makes your device much more difficult to target.

While its principal aim is to thwart mercenary spyware attacks, Lockdown Mode can also prevent data from being extracted thanks to a change in the way the locked-down device interacts with external accessories: namely, that the iPhone has to be unlocked for an accessory to be connected. As 404 points out, many digital forensics tools used by law enforcement depend on making a physical connection in a way that Lockdown Mode prevents.

It’s debatable how Apple will feel about making headlines in this way. On the one hand, the situation serves as a reminder that iPhones have excellent security features, and that Apple is so committed to device privacy that it has made enemies in law enforcement. There are echoes of the San Bernardino case in 2015/2016, when Apple refused to write a custom iPhone OS to help the FBI access a mass shooter’s communications.

But on the other hand, Apple approaches the political establishment in a slightly more conciliatory way these days. How would Tim Cook react if the president posted messages to Truth Social complaining about Lockdown Mode and demanding it be removed in future versions of iOS? It’s hard to say, but I imagine he’d like to avoid that conversation.