Apple says no one using Lockdown Mode has been hacked with spyware

Source: TechCrunch

Apple says no Lockdown Mode device has been hacked with spyware

Almost four years after launching a security feature called Lockdown Mode, Apple says it has yet to see a case where someone’s device was hacked with these additional security protections switched on.

“We are not aware of any successful mercenary spyware attacks against a Lockdown Mode‑enabled Apple device,” Apple spokesperson Sarah O’Rourke told TechCrunch on Friday.

It’s the tech giant’s most recent affirmation that Apple devices with Lockdown Mode can withstand government spyware attacks, after first making the claim a year after the security feature’s debut.

Apple announced Lockdown Mode in 2022, an opt‑in series of security protections that disables certain iPhone features commonly exploited by spyware. The mode was released to help at‑risk customers defend themselves from government‑backed spyware from companies such as Intellexa, NSO Group, and Paragon Solutions.

Apple’s notifications and visibility

In recent years Apple has conceded that its customers can be hacked by spyware and has become more proactive about notifying those who have been targeted.

• Apple has sent numerous batches of notifications to users in over 150 countries, alerting them that they may have been hacked with spyware.
• The company has not disclosed how many users have been notified, but the volume suggests dozens, if not more.

Image Credits: Apple (supplied)

Independent research and evidence

Donncha Ó Cearbhaill, head of the security lab at Amnesty International, said his team “have not seen any evidence of an iPhone being successfully compromised by mercenary spyware where Lockdown Mode was enabled at the time of the attack.”

Digital‑rights organizations such as Amnesty International and the University of Toronto’s Citizen Lab have documented several successful attacks on iPhone users, none of which mention a bypass of Lockdown Mode. In at least two cases, Citizen Lab researchers publicly said they had seen Lockdown Mode actively block spyware attacks:

• NSO’s Pegasus – TechCrunch article
• Predator spyware (made by a company now part of Intellexa) – TechCrunch article

In at least one documented case, Google researchers said the spyware would abort its infection attempt if it detects Lockdown Mode, likely to evade detection – source.

Expert commentary

Patrick Wardle, an Apple cybersecurity expert and critic, called Lockdown Mode “one of the most aggressive consumer‑facing hardening features ever shipped.”

“It kills entire delivery mechanisms/exploit classes. It blocks most message‑attachment types, restricts WebKit features. This is a huge reduction in remotely reachable attack surface, especially for zero‑click exploit chains,” he told TechCrunch.

Wardle explained that by “shrinking the attack surface,” Lockdown Mode forces spyware makers to use more complex and expensive techniques.

Personal experience

I have used Lockdown Mode for years and rarely think about it—except when it pops up notifications that can be occasionally confusing. Some features are disabled, requiring extra steps such as copying and pasting links from text messages to a browser. This is why I, and several digital‑security experts, recommend it to anyone worried about being targeted by spyware.

Contact Us

Do you have more information about spyware attacks or spyware makers? From a non‑work device, you can contact Lorenzo Franceschi‑Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase, and Wire @lorenzofb, or by email.

## Lorenzo Franceschi‑Bicchierai  

*Senior Writer at TechCrunch* – covering hacking, cybersecurity, surveillance, and privacy.  

**Contact / Verify outreach**  
- Email: [lorenzo@techcrunch.com](mailto:lorenzo@techcrunch.com)  
- Encrypted message (Signal): +1 917 257 1382  
- Keybase / Telegram: `@lorenzofb`  

[View Bio](https://techcrunch.com/author/lorenzo-franceschi-bicchierai/)