Apple has acknowledged that it is a known bug that VPN data leaks and doesn’t necessarily disconnect from the connection after activating a VPM. It’s kind of the number one thing someone using Lockdown Mode would use.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
How to Enable Lockdown Mode for Heightened Security on iPhone and iPad
- Thread starter MacRumors
- Start date
- Sort by reaction score
Apple has acknowledged that it is a known bug that VPN data leaks and doesn’t necessarily disconnect from the connection after activating a VPM. It’s kind of the number one thing someone using Lockdown Mode would use.
Lockdown doesn’t do anything with VPN, though. Anything at all.
About Lockdown Mode - Apple Support
Lockdown Mode helps protect devices against extremely rare and highly sophisticated cyber attacks.
Lockdown mode isn’t much good if iOS is going to constantly leak information.
VPN leaks only if you turn it on without restarting the device. If it's on when you start, all connections are secure.
Because I don’t want any Tom, Dick or Harry to be able to take unsolicited photos using my camera and have them automatically uploaded to my iCloud account without my express knowledge. Especially in a so-called Lockdown Mode. Apple’s absolute refusal to address this problem makes me suspicious that it’s a vector of entry for the feds. It’s not even necessary in the era of Face ID so there’s no excuse for it not being an optional toggle.
Lockdown mode: you are protected from every one except Apple that has your iCloud encryption keys which they are required by law to give to the USA gov. at any time of request!
Yes very clever. I will respectfully suggest that anyone who refuses to acknowledge that this is a legitimate security concern for some users is either hopelessly captured in Apple’s reality distortion tractor beam or doesn’t have much of an imagination.
Good article on Lockdown mode. Don’t think everyone needs to use it though.
To be fair I understand that a lot of the content is end-to-end? But I’m almost certain that what you say applies to the entire device backup in iCloud. Apple doesn’t even make this overtly clear to its users which is, again, suspicious. First thing any wannabe Snowdon does with their iPhone/iPad is disable iCloud backups and delete any pre-existing.
Which Apple can say it is deleted but saves a series of backups in their server without user ever knowing.
Yeah no doubt, but we can at least take all measures available to us 👍
Oh, it’s most certainly, without a doubt, a legitimate security concern. One that Lockdown Mode does nothing about, of course, but still very much a valid concern.
Ah yes, if you have that kind of threat model then you have to use alternative methods. It is possible though. You can completely disable the stock camera app using screen time. This will stop Lock Screen activation. The caveat is the now you no longer have the stock camera app usable at all. But you can find a nice privacy respecting alternative on the AppStore to replace it with if you wished.
Edit: this last statement I made is incorrect. Disabling the camera app disabled the camera completely so if switched off there is no was to use an alt app.
Last edited:
Indeed but that merely demonstrates how ridiculous the situation is. I believe you can also disable the camera shortcut one time by restarting the device and not entering your pass key, but I’d have to double check that. In any case Apple needs to address this gaping security hole, and the fact that they refuse to do so increasingly leads me to believe that it’s there for a reason…
Well if it’s possible, it’s possible. It’s not that ridiculous in that case. Nor is it a gaping hole. If it wasn’t possible at all or it was a cludgy work around I would agree. Perhaps it should be more simple but it’s certainly not complicated.
Really?
That means JavaScript-execution being 2008-level of slow. And you didn't notice this?
The first step in any secure technology is to not let anyone get physical access to your device, though. If they have access to be able to take a series of pictures, they ALSO have access to apply any number of hands-on exploits which could put your phone in an insecure state. In that eventuality, someone potentially taking pictures would be the LEAST of your worries.
Sure. Or they could just add a toggle for this and draw a line under it.
We’re all entitled to our opinions but, in the end, no amount of excuses or mental gymnastics are ever going to get around the simple logic that this should be optional. It’s a long standing security hole and it needs fixing. The fact that it seemingly remains in place when a new Snowdon Mode is activated is just the icing on the already laughable cake. It raises serious questions.
ETA: In case I’m not being clear enough, my suspicion is that this camera shortcut is one of the potential hands-on exploits that you allude to. Pure speculation on my part of course but as more time passes it becomes increasingly likely in my mind that this is not an oversight.
Last edited:
I guess I just don’t understand the potential exploit. They have physical access to your phone, so they have the capability to install malware or a backdoor that gives them full access to your device for as long as you don’t restore from backup, BUT, instead, they’d use that precious small window of time where they have physical access to your device and… they take some pictures?
Both hypothetical scenarios would not be possible if the shortcut were not there. That is the main point. It should be optional. It really can’t be that difficult to implement this change and yet all we get from them is crickets. Everyone is free to form their own views on this but I for one think it’s extremely strange behaviour for a tech company that positions itself as the paragon of digital security.
But, even if the shortcut was not there, if the government had physical access to your device, they could STILL get pictures ON your device and INTO your iCloud.
Actually, if the government wanted pictures in your iCloud, they wouldn’t even bother with trying to get your device, there’s far more reliable ways for doing that which would require fewer resources and, as a result, are the more likely action they’d take if that was their ultimate goal.