I kind of want to turn it on and leave it on. I'm assuming since it's a "mode" that I can turn it off when I need to, do what I know is legit, then turn back on again.
The thing with Lockdown Mode is that it shifts the trade-off between functionality and security significantly away from functionality. This is an acceptable side-effect of intentionally disabling attack surface that isn't strictly required to have a useful phone. On the other hand, it also makes most social time wasting stuff not work, which is what the masses mostly use their phone for anyway.
This really is a mode designed for those who really desperately need it, and it really is implemented in a strong enough way to be useful (hardware root of trust, no drive-by changes since it requires a reboot with a wiped key bag cache so you must reauthenticate in order to change it). But all of that for consumer-attainable pricing. It doesn't have to be perfect and I'm sure in due time there will be jailbreak-esque attacks. But until then, this is effectively a very high barrier for an attacker that lacks the resources of a nation state (or a smart but bored teenager in a basement these days).
> On the other hand, it also makes most social time wasting stuff not work, which is what the masses mostly use their phone for anyway.
Got any info/links explaining that? Having only read Apple's webpage, it sounds to me like the major problem is slowed down javascript execution? I certainly didn't get the impression it's going to shut down all social media apps/websites?
> It doesn't have to be perfect and I'm sure in due time there will be jailbreak-esque attacks
No protection is perfect, and this kind of thing is always another layer in a defence-in-depth approach. Just like car locks, the idea is that it becomes enough of a hurdle that someone on a fishing expedition will go look elsewhere. Of course it won't be enough for a determined state actor.
I would assume that disabling Lockdown Mode means wiping the phone to factory condition. Otherwise Lockdown Mode is only as secure as whatever PIN or password you use to disable it, which isn't particularly secure at all.
Yes, but if an attacker has physical access and unlimited time, you've probably lost anyway.
What this seems to be focused on are the "remote zero-click/one-click" vulnerabilities we've seen, in which either a message is delivered that never shows up but installs a backdoor hook, or a website can deliver a malware package to a particular user and install the backdoor hook without notifications.
It sounds like it does improve some of the physical security features, which should help reduce attack surface, but I wouldn't trust any bit of consumer electronics against a sustained physical attack by a sufficiently motivated adversary.
Sounds to me like it's targeting all the zero and one click exploits we've heard about over the last few years. Not having SMS/iMessage download and "parse" random files/formats and tightening up Javascript attack surface to not include JIT optimisations would probably have helped Jamal Khashoggi and his friends/contacts.
Even with this, there's not very much you can do against a state level actor who had physical control of your device and you, and a $5 wrench. Even without having you and being prepared to use violence, a sufficiently motivated state actor will probably get into your device anyway - Apple didn't cave to a judge when the FBI wanted them to break every iPhone user's security to get into the San Bernardino shooter's phone, but they didn't get to set a precedent there because someone else broke into that phone for the FBI anyway and they dropped that case...
If you're in the habit of worrying about persistent malware on your device, "regular restarts" are one of the best things you can do.
Much of the low interaction malware is only persistent in memory, so a reboot will clear it until they get their claws back into you. Depending on what the attack path is, that may take some while - and using those attacks is still somewhat risky. "Having to re-pwn a phone every 6 hours" is a lot more risky to an attacker than "someone who never reboots their phone and never updates it."
Yes. Also, regularly doing a factory reset is another good hygiene habit to have, this will clear the more rare but persistent forms of malware, often brought on board by legitimate software you installed a long time ago but no longer use.