Apple fixes one of the iPhone’s most urgent security risks

Apple’s iOS operating system is generally considered secure, certainly enough for most users most of the time. But in recent years hackers have successfully found a number of flaws that provide entry points into iPhones and iPads. Many of these have been so-called zero-click or interactionless attacks, which can infect a device without the victim so much as clicking a link or downloading a malicious file. Again and again, these weaponized vulnerabilities turned out to be in Apple’s chat app, iMessage. But now it looks like Apple has had enough. New research shows that the company took iMessage’s defenses to another level with the release of iOS 14 in September.

In late December, for example, researchers at the University of Toronto’s Citizen Lab published findings about a summer hacking campaign in which attackers successfully targeted dozens of Al Jazeera journalists with a zero-click iMessage attack to install NSO Group’s notorious Pegasus spyware. Citizen Lab said at the time that it did not believe iOS 14 was vulnerable to the hacking used in the campaign; all the victims were running iOS 13, which was current at the time.

Samuel Groß has long investigated zero-click iPhone attacks alongside several colleagues on Google Project Zero’s bug-hunting team. Last week, he detailed three enhancements that Apple added to iMessage to harden the system and make it much harder for attackers to send malicious messages designed to wreak havoc.

“These changes are probably very close to the best ones that could have been made given the need for compatibility with previous versions, and should have a significant impact on the security of iMessage and the platform in general,” Groß wrote on Thursday. “It’s great to see Apple set aside resources for this kind of big refactoring to improve end-user security.”

In response to Citizen Lab’s research, Apple said in December that “iOS 14 is a major leap in security and offers new protections against such attacks.”

iMessage is an obvious target for zero-click attacks for two reasons. First, it is a communication system, meaning that part of its function is to exchange data with other devices. iMessage is literally built for interactionless activity; you don’t need to touch anything to receive a text or a photo from a contact. Second, the full set of iMessage features (integrations with other apps, paid features, even small things like stickers and memoji) also makes it fertile ground for hackers. All of these interconnections and options are convenient for users, but they add attack surface, or potential for weakness.

“iMessage is an integrated service for all iPhones, so it’s a huge target for sophisticated hackers,” says Matthew Green, the Johns Hopkins cryptographer. “It also has a lot of bells and whistles, and all of these features are a new opportunity for hackers to find bugs that allow them to control your phone. What this research shows is that Apple knows this and has been hardening the system quietly.”

Groß describes three new protections that Apple developed to address its iMessage security issues at the structural level, rather than with Band-Aid patches. The first enhancement, called BlastDoor, is a “sandbox,” essentially a quarantine area where iMessage can inspect incoming communications for potentially malicious attributes before releasing them into the main iOS environment.

The second new mechanism watches for attacks that manipulate a shared cache of system libraries. The cache changes addresses within the system at random to make malicious access more difficult. iOS, however, only changes the address of the shared cache after a reboot, which has given zero-click attackers a chance to discover its location; it’s like shooting in the dark until you hit something. The new protection is set up to detect malicious activity and trigger a refresh without the user having to restart their iPhone.
