Fake lockdown mode attack may trick you into believing your iPhone is protected even though it is not

Apple's Lockdown Mode, designed to protect iPhones from state-sponsored hackers and spyware, now appears to be used to lull unsuspecting users into a false sense of security.

As reported by The Hacker News, security researchers at Jamf have identified a post-exploit tampering technique that makes it appear that lockdown mode is enabled even though it is not.

Lockdown mode, first introduced in iOS 16, hardens the best iPhone defenses by severely restricting certain features. While inconvenient for most people, it is a really useful feature for those who are particularly vulnerable or targeted by organizations such as the NSO Group, which developed the Predator spyware.

But if hackers have already infiltrated your iPhone, Jamf showed in a new report that lockdown mode can be bypassed when you try to turn it on. While this is not an attack most people need to worry about, it could be devastating to those who rely on lockdown mode for additional security.

If a hacker manages to infect your iPhone with malware, "there is no safeguard to stop the malware from running in the background," regardless of whether lockdown mode is enabled, Jamf said.

To show how Lockdown Mode can be faked, Jamf researchers created a file named "/fakelockdownmode_on" and placed it on an infected iPhone. When Lockdown Mode was then enabled on this device, the device did not actually reboot to enable it; instead, Jamf's injected code was able to maintain control of the security features.

It is worth noting that this technique can also be used to allow non-persistent malware to continue running on the compromised iPhone, even after a reboot, so that it can continue to spy on its target users.

From here, Jamf researchers used a similar trick to make it appear that Apple's Safari browser was running in lockdown mode even though it was not. This allowed the researchers to view PDF files in Apple's browser, even though they are normally blocked when lockdown mode is on.

Unlike the best anti-virus software, which can detect both new and existing malware, lockdown mode is really only effective before an attack takes place. Fortunately for users who frequently use lockdown mode, according to Jamf, hackers have not yet been confirmed to use this technique, and now that Apple is aware of this, a permanent fix may appear with iOS 18.

The first and most important thing you can do to protect your iPhone from cyber attacks and malware is to keep it up to date. This means installing all the latest updates and security patches as soon as they become available.

This may be a bit annoying as well as time-consuming, but hackers frequently exploit known vulnerabilities to target users who have not yet updated their devices. By keeping your iPhone updated at all times, you can avoid falling victim to this type of attack.

Due to Apple's own limitations, there is no iPhone equivalent to the best Android antivirus app, but one of the best Mac antivirus software solutions offers a workaround for those who want to scan their iOS devices for malware: Intego.

With Intego Mac Internet Security X9 or Intego Premium Bundle X9, simply connect your iPhone or iPad to your Mac using a USB cable and the software will scan your iPhone or iPad for viruses. This is a really useful feature, especially since the iPhone must already be infected with malware for this new Lockdown Mode bypass technique to be used.

The iPhone has a reputation for being more secure than the best Android phones, but this also makes it a prime target for cybercriminals and state-sponsored hackers looking for a get-rich-quick scheme.