The latest iteration of Apple’s flagship iPhone operating system, iOS 14, was shipped with a previously undisclosed security mechanism that comprises major changes to the way incoming iMessage texts are processed.
With iOS 14, Apple has introduced BlastDoor, which serves as a sandboxing service for all incoming iMessage data, according to Google’s Project Zero researcher Samuel Groß. This hadn't been previously disclosed by Apple, and the tool was only discovered after reverse-engineering the operating system.
BlastDoor aims to safeguard iPhone users against a common form of attack which involves malicious payloads being sent through iMessage texts. Hackers have, in the past, exploited iMessage vulnerabilities to launch remote code execution attacks and take control of iPhones by simply sending a text to a victim’s device.
This sandboxing layer has been designed specifically to combat this threat by executing any incoming code in an isolated environment, away from the rest of the operating system. This means malicious payloads can be identified and removed before the user interacts with the message.
Although several sandboxing mechanisms already exist in iOS, BlastDoor is one that specifically operates with the iMessage app. It’s also written in Swift, which is considered a memory safe language, making it harder to introduce classic memory corruption vulnerabilities into the codebase.
The Great iPwn, disclosed by Citizen Lab in December 2020, is a recent example of a series of attacks that exploited such weaknesses in iMessage. The report revealed that government operatives using the NSO Group’s infamous Pegasus spyware were found to have hacked 36 personal phones belonging to Al Jazeera journalists.
The operatives deployed an invisible zero-click exploit in iMessage to conduct their attacks, but the report also claimed the attacks wouldn’t work against devices with iOS 14 due to undefined “new security protections”.
This prompted Project Zero’s Groß to reverse-engineer iOS 14 in order to establish the precise nature of any new security mechanisms. Beyond BlastDoor, it was also found that Apple had added a set of technical structural changes, including exponential throttling between restarts, to make it even harder for hackers to breach devices.
“Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” Groß said.
“It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end-users’ security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.”
