With the release of iOS 14 last fall, Apple has added a new security system to iPhones and iPads to protect users against attacks carried out via the iMessage instant messaging client.
Named BlastDoor, this new iOS security feature was discovered by Samuel Groß, a security researcher with Project Zero, a Google security team tasked with finding vulnerabilities in commonly-used software.
Groß said the new BlastDoor service is a basic sandbox, a type of security service that executes code separately from the rest of the operating system.
While iOS ships with multiple sandbox mechanisms, BlastDoor is a new addition that operates only at the level of the iMessage app.
Its role is to take incoming messages and unpack and process their content inside a secure, isolated environment, where any malicious code hidden inside a message can’t interact with or harm the underlying operating system, or retrieve user data.
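The isolation pattern described above, as an added illustration that is neither Apple’s code nor taken from the Project Zero write-up: a parent process hands the raw message bytes to a throwaway worker that parses them under a CPU limit and returns only plain data over a pipe, so a malformed message that crashes the parser takes down the worker and nothing else. The length-prefixed message format, the sample bytes and all function names are constructed for this example, and it assumes a Unix host for the `resource` module.

```python
import json
import multiprocessing as mp
import resource

# Constructed sample messages: repeated [u16 big-endian length][payload].
GOOD_MSG = b"\x00\x05hello\x00\x03abc"      # two well-formed fields
BAD_MSG = b"\x00\xffhi"                     # claims 255 bytes, only 2 follow

def parse_message(raw: bytes) -> dict:
    """Toy unpacking logic standing in for the real message/attachment parser."""
    fields, pos = [], 0
    while pos < len(raw):
        if pos + 2 > len(raw):
            raise ValueError("truncated length prefix")
        n = int.from_bytes(raw[pos:pos + 2], "big")
        pos += 2
        if pos + n > len(raw):
            raise ValueError("field length exceeds message")
        fields.append(raw[pos:pos + n].decode("utf-8", "replace"))
        pos += n
    return {"fields": fields}

def _worker(conn, raw: bytes) -> None:
    # Runs only in the isolated child: cap CPU before touching untrusted bytes.
    resource.setrlimit(resource.RLIMIT_CPU, (2, 2))
    result = parse_message(raw)          # a crash here kills this child only
    conn.send(json.dumps(result))        # hand back plain data, never live objects
    conn.close()

def parse_in_sandbox(raw: bytes, timeout: float = 10.0):
    """Parse `raw` in a throwaway process. Returns the parsed dict, or None if
    the worker crashed, hung, or produced nothing; the parent is never at risk."""
    parent_end, child_end = mp.Pipe(duplex=False)
    proc = mp.Process(target=_worker, args=(child_end, raw))
    proc.start()
    child_end.close()                    # so EOF is seen once the child exits
    result = None
    try:
        if parent_end.poll(timeout):
            result = json.loads(parent_end.recv())
    except EOFError:
        pass                             # child died before answering
    proc.join(timeout)
    if proc.is_alive():                  # hung worker: kill it, treat as failure
        proc.kill()
        proc.join()
    return result if proc.exitcode == 0 else None

if __name__ == "__main__":
    print(parse_in_sandbox(GOOD_MSG))    # {'fields': ['hello', 'abc']}
    print(parse_in_sandbox(BAD_MSG))     # None
```

The real BlastDoor additionally restricts what the worker may touch (files, network, IPC); this sketch only shows the crash-containment and data-only hand-back half of the design.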
The need for a service like BlastDoor had become obvious after several security researchers had pointed out in the past that the iMessage service was doing a poor job of sanitizing incoming user data.
Over the past three years, there have been multiple instances where security researchers or real-world attackers found iMessage remote code execution (RCE) bugs and abused them to build exploits that took control of an iPhone just by sending a simple text, photo, or video to someone’s device.
The latest of these attacks took place last year, over the summer, and were detailed in a report from Citizen Lab named “The Great iPwn,” which described a hacking campaign that targeted Al Jazeera staffers and journalists.
Groß said he was drawn to investigating iOS 14’s internals after reading in the Citizen Lab report that the attackers’ zero-days stopped working after the launch of iOS 14, which apparently included improved security defenses.
After probing around in the iOS 14 inner workings for a week, Groß said he believes that Apple finally listened to the security research community and improved iMessage’s handling of incoming content by adding the BlastDoor sandbox to iMessage’s source code.
“Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” Groß said in a blog post today.
“It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security.”