It has now been revealed that iOS 14 added a new “BlastDoor” sandbox security system to iPhones and iPads to prevent attacks carried out through the Messages application.
Apple has not yet released any information regarding the new security system in iOS 14. Its existence was confirmed to ZDNet today by Samuel Groß, a security researcher on Google's Project Zero team. Groß describes BlastDoor as a "tightly enclosed" sandbox service responsible for parsing all untrusted data in iMessages. A sandbox is a security service that runs code separately from the operating system; this one operates within the Messages app. Specifically, BlastDoor inspects all incoming messages and examines their contents in a secure environment that prevents malicious code in a message from interacting with iOS or accessing user data.
BlastDoor makes iMessage significantly more secure
As you can see, most of the processing of complex, untrusted data has been moved to the new BlastDoor service. Furthermore, this design, with its 7+ services involved, allows for individual sandboxing rules to be applied, e.g. only the IMTransferAgent and apsd processes are required to perform network operations. Thus, all services in this pipeline are now properly sandboxed (with the BlastDoor service arguably the most sandboxed).
The feature is designed to thwart certain types of attacks, such as those where hackers use a shared cache or brute-force attacks. As ZDNet notes, in recent years security researchers have repeatedly discovered iMessage remote code execution flaws that allow an iPhone to be infiltrated with just a single text. For this reason, BlastDoor was integrated, a security system designed to address precisely these problems. Groß discovered the new iOS 14 feature after investigating a news hacking campaign targeting Al Jazeera journalists. However, the attack didn't work on iOS 14. He then looked into why and discovered BlastDoor. According to Groß, Apple's BlastDoor changes are "almost the best thing they could have done given the need for backward compatibility" and make the iMessage platform significantly more secure.
iOS 14: “Structural improvements have been made”
This blog post discussed three improvements in iOS 14 that affect iMessage security: the BlastDoor service, shared cache resliding, and exponential throttling. Overall, these changes are probably very close to the best that could be done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.
It's great to see Apple putting resources aside for these kinds of major refactorings to improve end-user security. Moreover, these changes also underscore the value of offensive security work: not just fixing individual bugs, but making structural improvements based on the lessons learned from exploit development.
If you want to learn more about how BlastDoor works, you can read the blog post from Project Zero here. (Photo by Denys Prykhodov / Bigstockphoto)
 
			



