Apple’s Lockdown Mode stopped the FBI from extracting data from a seized iPhone after agents raided the home of a Washington Post reporter. The case now stands as one of the clearest examples of how this security feature blocks even government forensic tools. The phone in question belonged to reporter Hannah Natanson, and the device stayed protected while investigators tried to access its contents during a leak investigation.
FBI could not access the iPhone
404 Media reported that the FBI searched Natanson’s home in January as part of an investigation into leaks of classified government information. Agents took several devices from her residence, including a MacBook Pro, an iPhone 13, and external storage drives. The FBI Computer Analysis Response Team, known as CART, tried to extract data from the iPhone but failed.
Court records explained why. “Because the iPhone was in Lockdown mode, CART could not extract that device,” the government wrote in a filing that opposed returning Natanson’s devices. The document also said the phone was on and charging when agents found it, with its screen showing that Lockdown Mode was active.
The same court record appeared about two weeks after the raid. That timing shows that the FBI still could not access the iPhone during that period. The filing did not confirm whether agents later broke into the phone, but it proved that Lockdown Mode blocked their early attempts.
Lockdown Mode blocked the FBI
Apple designed Lockdown Mode to protect people who face a high risk of digital attacks. The company describes it as an extreme security option that limits features to reduce the chance of hacking or spyware. Apple explains that when Lockdown Mode is active, “certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.”
These limits cover many areas that forensic tools rely on. Lockdown Mode blocks most message attachments, restricts web technologies, and limits FaceTime calls from unknown contacts. It also prevents devices from connecting to computers or accessories unless the user unlocks them. That last rule matters because tools like GrayKey and Cellebrite need a physical connection to a phone to start their attacks.
Digital forensics expert Andrew Garrett told 404 Media, “Many advanced forensic techniques and law enforcement tools rely on vulnerabilities that Lockdown Mode explicitly blocks or limits.” That statement helps explain why CART could not extract data from the iPhone.
What the FBI accessed
The FBI still gained access to another device in Natanson’s home. Agents opened a second MacBook Pro after it asked for Touch ID or a password. According to court records, Natanson placed her finger on the reader, and the laptop unlocked. Investigators then photographed and recorded some Signal conversations stored on that computer.
The iPhone told a different story. Lockdown Mode kept it sealed, even though agents found it powered on and ready to use. The feature did not need encryption keys or cloud tricks. It relied on strict limits that blocked the normal paths forensic tools use to break into a phone.
This case shows how Lockdown Mode FBI defenses now work in real life. It also signals a growing standoff between phone makers and law enforcement, with reporters and their sources caught in the middle.
This may have kept them from accessing the device via the publicly acknowledge means of doing so which sadly only include connecting to the devices in manners that operate through the OS. You can connect to any device below the OS and by pass all security. Macintosh, Windows, and many more major tech companies use this as there connections for their live updates. When Kapersksy anti-virus was told they could not sell or service any US citizens any longer they used the same method to connect to every US customers devices and remove their software in a single night without anyone knowing except for the fact the software was gone.