iPhone’s New ‘Lockdown Mode’ Lets Websites Identify Users, Says Researcher

Apple’s newly introduced ‘Lockdown Mode’ privacy feature in iOS 16 and iPadOS 16 works by disabling some regular iOS features that have been exploited to hack users in the past.

However, privacy activist John Ozbay, who is also the CEO of privacy firm Cryptee, has discovered that this Lockdown Mode is easy for any website or online ad to detect, which makes it easier for spyware and hackers to fingerprint and identify the users (via Motherboard).

Apple says the new privacy feature is made for journalists, activists, politicians, and anyone else who may be worried about getting targeted by hackers. But Ozbay’s proof of concept website shows how easy it is to detect whether you have Lockdown Mode enabled or not.

“Let’s say you’re in China, and you’re using Lockdown Mode. Now, any website that you visit could effectively detect you are using Lockdown Mode, they have your IP address as well. So they will actually be able to identify that the user with this IP address is using Lockdown Mode,” Ozbay said.

“It’s a tradeoff between security and privacy. [Apple] chose security.”

Ozbay said that there are several features that Lockdown Mode disables, and that websites could detect, but the lack of loading custom fonts is “the easiest thing to detect and exploit.”

“It took us five minutes to put the code together and see if this was working,” he said.

At this point, it seems there isn’t much Apple can do now to mitigate this issue without changing how Lockdown Mode works altogether.