Google researcher discovers new iOS security system




Image via Thom

With the release of iOS 14 last fall, Apple added a new security system to iPhones and iPads to protect users from attacks made through the iMessage instant messaging client.

Named BlastDoor, this new iOS security feature was discovered by Samuel Groß, a security researcher at Project Zero, a Google security team tasked with finding vulnerabilities in commonly used software.

Groß said the new BlastDoor service is a basic sandbox, a type of security service that runs code separately from the rest of the operating system.

While iOS comes with several sandbox mechanisms, BlastDoor is a new addition that only works at the iMessage app level.

Its role is to take incoming messages, then decompress and process their content in a secure and isolated environment, where any malicious code hidden in a message cannot interact with or damage the underlying operating system, or retrieve user data.


Image: Google Project Zero

The need for a service like BlastDoor had become evident after several security researchers pointed out in the past that the iMessage service was doing a poor job of sanitizing incoming user data.

Over the past three years, there have been several instances where security researchers or real-world attackers have found iMessage remote code execution (RCE) bugs and have abused those issues to develop exploits that allowed them to take control of an iPhone just by sending a simple text, photo or video to someone’s device.

The latest of these attacks took place over the summer of last year and was detailed in a Citizen Lab report titled “The Great iPwn”, which described a hacking campaign targeting Al Jazeera staff and journalists.

Groß said he was drawn to investigating the internals of iOS 14 after reading in the Citizen Lab report that the attackers’ zero-days stopped working after the launch of iOS 14, which apparently included improved security defenses.

After exploring the inner workings of iOS 14 for a week, Groß said he believes Apple has finally listened to the security research community and improved iMessage’s handling of inbound content by adding the BlastDoor sandbox to the iMessage source code.

“Overall, these changes are probably very close to the best that could have been made given the need for backward compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” Groß said in a blog post today.

“It’s great to see Apple setting aside the resources for these kinds of big refactorings to improve end-user security.”


