User profile for user: Andrei_Yurevich
Andrei_Yurevich Author
User level: Level 1
4 points

Privacy Concern with mDNS Broadcast during Lockdown Mode on MacBook

I am writing to report a significant privacy and security concern I've encountered while using my MacBook in Lockdown Mode. I have discovered that the Multicast DNS (mDNS) service continues to broadcast even when the system is in Lockdown Mode. This is concerning because mDNS makes public a variety of information that should remain private, especially in a mode designed for heightened security.

In particular, mDNS broadcasting in Lockdown Mode reveals the following details:

  • The names of services running on my computer
  • My device's hostname
  • Open ports which could potentially be probed for vulnerabilities

Lockdown Mode is expected to provide an extreme level of security for users who might be at risk from sophisticated cyber threats. However, the fact that mDNS continues to transmit such sensitive information in this mode is counterintuitive to the purpose of Lockdown Mode. It potentially exposes users to network-based identification and system probing that they opted out of by choosing to operate in this highly secure environment.

I understand the necessity of mDNS in the seamless operation and integration of Apple services under normal operating conditions. However, broadcasting these details when in Lockdown Mode undermines the privacy guarantees that users, particularly those facing severe digital threats, expect from this feature.

Could you please clarify if this is intended behavior for Lockdown Mode, and advise on how to prevent mDNS broadcasting when privacy is of utmost concern? If this is not the intended behavior, it should be treated as a security flaw that requires immediate attention to protect the privacy of users depending on Lockdown Mode for their safety.

I am looking forward to your urgent response and assistance on this matter to ensure that user privacy is not inadvertently compromised.

Thank you for your attention and support.

MacBook Pro 13″, macOS 14.1

Posted on Nov 7, 2023 6:01 AM

Reply

Similar questions

4 replies
User profile for user: etresoft
etresoft
User level: Level 9
57,796 points

Nov 7, 2023 8:13 AM in response to Andrei_Yurevich

First of all, don't believe what you read on the internet. It's simply not true.


Furthermore, the details about how computer networks operate are far, far beyond the technical knowledge of anyone posting these stories on the internet.


Unless you are actively trying to do something that would cause some government to want you dead, then you don't need Lockdown Mode at all. If you are actively trying to do something that would cause some government to want you dead, then Lockdown Mode is not going to save you.


This is simply a new feature that Apple is providing people who, through no fault or action on Apple's part, have been fooled into thinking that their devices are vulnerable to security exploits. None of that is true. It's all fake news. But Apple understands that people are worried and don't understand how these things work, so they have created features like Lockdown Mode to make people feel better, while continuing to use their devices normally.


mDNS is a local networking feature. This information does not go out over the internet unless you have specifically configured your WiFi router to broadcast it. This is never a default setting. You have to go into "Advanced features" and manually configure it, on purpose. mDNS is only going to be a security risk if the hackers are parked in your driveway and have your WiFi password.

Reply
User profile for user: Andrei_Yurevich
Andrei_Yurevich Author
User level: Level 1
4 points

Nov 8, 2023 4:30 AM in response to etresoft

You are mistaken, I discovered this information while analyzing network

packets in my network. mDNS is definitely not a "must have" for a local

network. Certainly, lockdown mode won't protect you if "the state wants

to kill you," but turning off this service is necessary in lockdown mode

because at the very least you can find out the name of the person

sitting opposite you in a cafe. In addition, in some cases, you can see a

list of running services, such as fileshare (talking about DNS-SD).

Moreover, this feature is enabled by default


P.S. This is completely adequate behavior for a local network, but not in lockdown mode, which is intended to increase privacy

Reply
User profile for user: etresoft
etresoft
User level: Level 9
57,796 points

Nov 8, 2023 8:44 AM in response to Andrei_Yurevich

Andrei_Yurevich wrote:

lockdown mode, which is intended to increase privacy

To quote Apple's document about Lockdown Mode, "Lockdown Mode helps protect devices against extremely rare and highly sophisticated cyber attacks."


Apple continues, "Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature."


But if you are turning on Lockdown Mode in a mistaken belief that provides some extra layer of privacy protection, then none of this matters. You aren't being targeted. Go ahead and join that cafe's WiFi network. Surf the web. Get your game on. If you want extra privacy, change your device name to something like "Special Agent Roc Ingersol's MacBook". But chances are, most people are more likely to keep their name in hopes of hooking up with the cute barista. That's the real world. Stop reading that security paranoia posted on the internet.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Privacy Concern with mDNS Broadcast during Lockdown Mode on MacBook

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up