Thanks to the work of cybersecurity researchers at Jamf Threat Labs it was possible to identify a new and worrying technique adopted by some cybercriminals to circumvent the lock mode are iPhone.
The function in question, introduced on Apple devices through iOS 16, is used to limit the use of the device and make it more difficult for potential attackers to reach. Apparently, however, this functionality is not yet perfectly integrated with the kernel iOS and, having some “cracks”, it lends itself to manipulation and abuse by cybercriminali.
Bypassing this restriction and using some techniques hookingcybercriminals can visually imitate the function, but without providing any kind of security to the user.
The researchers demonstrated, also through a demonstration video, how the device can be hijacked, tricking the iPhone into believing it has activated the mode and at the same time presenting a false screen. It is useless to confirm how, with these premises, cybercriminals can act calmly, given that the user is completely certain of being safe.
iPhone lock mode: a wake-up call that should not be ignored
The researchers also manipulated the mode of locking in Safari, one of the most used applications on iOS devices. By connecting to the code of browserthey forced the system to accept that lockdown mode was active, even when in reality it wasn’t.
While it is true that blocking mode has proven highly effective in the past (as in the zero-click exploit BLASTPASS last September), this discovery by Jamf Threat Labs is a wake-up call that must be heard. Although Apple, with iOS 17promptly corrected the vulnerability by elevating the use of the function to kernel level, which shows how it is necessary to never let our guard down.
Maintain i updated devices and use a password manager adequate, in this sense, they can be prevention measures that are still useful for the majority of users.