Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked by Spyware—Here's What That Means

What Lockdown Mode Actually Does

Lockdown Mode works by aggressively reducing the attack surface of your device. It disables features that spyware vendors commonly exploit to gain initial access:

• Messages: Blocks most attachment types except images, video, and audio. Disables link previews entirely
• Web browsing: Disables JIT compilation in WebKit, eliminating a common exploit vector. Some websites may load slowly or incompletely
• FaceTime: Rejects incoming calls from contacts you have not previously called
• Wireless connectivity: Prevents automatic joining of non secure Wi Fi networks. Disables 2G cellular support on iPhones
• Wired connections: Blocks USB data connections when the device is locked
• Configuration profiles: Prevents installation of configuration profiles and MDM enrollment

Each restriction removes a potential entry point. Spyware vendors like NSO Group have historically relied on zero click exploits delivered through iMessage attachments and WebKit vulnerabilities, exactly the vectors Lockdown Mode disables.

The Important Caveat

Security researchers draw a critical distinction between "hasn't been hacked" and "can't be hacked." Apple's precise language says no known successful attack has been documented. That leaves open the possibility that a breach occurred and simply has not been detected or disclosed.

State level intelligence agencies may operate outside the detection networks that researchers and companies like Apple rely on. A nation state with sufficient resources could theoretically develop exploits that bypass Lockdown Mode without anyone in the security community learning about it. The absence of evidence is not evidence of absence.

That said, the commercial spyware industry generates billions in revenue from selling exploits to governments worldwide. If any of these vendors had cracked Lockdown Mode, it would represent an enormous competitive advantage. The fact that none appear to have done so suggests the feature has meaningfully raised the cost and difficulty of exploitation.

Who Should Enable Lockdown Mode

Apple designed Lockdown Mode for people who face "extremely rare and highly sophisticated cyber attacks." In practice, this includes:

• Journalists covering authoritarian governments or organized crime
• Human rights lawyers and activists working in hostile environments
• Government officials and diplomats who may be targets of state sponsored surveillance
• Anyone who has received an Apple threat notification about potential spyware targeting

The spyware threat is not theoretical. In the past year alone, Italian journalists were confirmed hacked with Paragon spyware, Hungary charged a journalist with espionage after Pegasus surveillance, and leaked government hacking tools entered criminal circulation. Meanwhile, the first stalkerware maker prosecuted in a decade walked away with just a $5,000 fine.

The Tradeoffs

Lockdown Mode is not invisible. The restrictions create noticeable friction in daily use:

• Web pages may render incorrectly or load slowly due to disabled JavaScript compilation
• You will not receive attachments in Messages from unknown senders
• Some enterprise features like MDM profiles will not work
• Web fonts may not display, and some images may appear broken

For most people, these tradeoffs are not worth the protection level. But for anyone in a high risk category, the inconvenience of slower web pages is trivial compared to having their device compromised by government spyware.

How to Enable Lockdown Mode

On iPhone or iPad: Open Settings, then Privacy & Security, then Lockdown Mode, and tap Turn On Lockdown Mode. Your device will restart to apply the changes. The feature is also available on Mac through System Settings.

You can exclude specific apps and websites from Lockdown Mode restrictions if needed, allowing you to maintain functionality for trusted services while keeping protection active against unknown threats.