One of the new features in iOS 16 is Lockdown Mode, which helps users protect themselves from targeted cyberattacks by disabling several device features. In addition to everything that changes in block mode, it also restricts web browsing – and now software engineer Alexis Luhrs details exactly how this happens.
Luhrs shared on his personal blog how he ran some tests to find out which web features are disabled when blocking mode is enabled. Thanks to Modernizr, a JavaScript library that detects features available in a web browser, the engineer has a list of WebKit features that could potentially be used to spy on users.
Impact of blocking mode on web browsing
The first thing the engineer noticed was that blocking mode disables JIT compilation of JavaScript, which compiles the code on the fly during its execution. Without JIT enabled, web browsing performance drops to 95% based on performance tests. This results in longer loading times and even more battery drain.
Lock mode in iOS 16 disables also disables WebAssembly. WASM is a powerful binary code format that enables high-performance applications on web pages. However, it can also be used to generate digital “fingerprints” of users that help third parties track people across websites and apps.
Interestingly, support for MP3 players on web pages is also disabled in block mode. Luurs believes that Apple wants to prevent attackers from using MP3 decoding for malicious purposes. Of course, this breaks any MP3 playback website without going back to AAC or OGG formats.
The gamepad API, designed to allow users to interact with game controllers on websites, does not work when block mode is enabled. This is because malicious websites can use data such as the controller ID to track users. Unsurprisingly, this breaks web games and platforms that rely on an external game controller.
Previewing files in web browsers is also limited by blocking mode. For example, JPEG 2000 images and SVG fonts, which are exclusively supported by Safari, are disabled so websites cannot use these formats to target iOS users. PDF preview for websites is also disabled, as several PDF-related exploits have been found in the past.
Other disabled features include WebGL, the Speech Recognition API, and the Web Audio API.
What else limits the blocking mode?
In addition to restricting web browsing, Block Mode in iOS 16 also blocks most message attachments and link previews in the Apple Messages app. Users with Block Mode enabled only receive FaceTime calls from known numbers, and shared iCloud albums are removed from the Photos app.
Apple also blocks configuration profiles and device access over a wired connection with blocking mode enabled.
Of course, Apple emphasizes that Lockdown Mode is intended for a specific group of users who can be the target of sophisticated spyware threats. These users include journalists, activists and government officials. This comes after the company filed a lawsuit against Pegasus spyware maker NSO Group last fall.
Lockdown mode is available as part of iOS 16, which is expected to release this fall. Developers and users enrolled in Apple’s beta testing program can now try out the iOS 16 beta.
similar
The post Here’s How Lockdown Mode in iOS 16 Restricts Web Browsing appeared first on Gamingsym.