iOS 14 added a new “BlastDoor” sandbox security system to iPhones and iPads to prevent attacks delivered through the Messages app. Apple did not publicize the new security addition, but it was explained today by Samuel Groß, a security researcher at Google Project Zero, and highlighted by ZDNet.
Groß describes BlastDoor as a sandboxed service that handles all untrusted iMessage data. A sandbox is an isolated environment that runs code separately from the rest of the operating system; BlastDoor applies this to the Messages app.
BlastDoor receives all incoming messages and parses their content inside this isolated environment, so that an exploit triggered while parsing a message is confined and cannot directly interact with the rest of iOS or access user data.
Groß writes: “As can be seen, most of the processing of complex, untrusted data has been moved into the new BlastDoor service. Furthermore, this design with its 7+ involved services allows fine-grained sandboxing rules to be applied. For example, only the IMTransferAgent and apsd processes are required to perform network operations. As such, all services in this pipeline are now properly sandboxed (with the BlastDoor service arguably being sandboxed the strongest).”
The feature is designed to thwart specific types of attacks, such as those in which attackers relied on the shared cache or on brute forcing. As ZDNet notes, in recent years security researchers have found remote code execution bugs in iMessage that could allow an iPhone to be compromised with just a text message, which BlastDoor should address.
Groß found the new iOS 14 feature after investigating a hacking campaign aimed at Al Jazeera journalists. The attack did not work on iOS 14, and investigating why led to his discovery of BlastDoor.
According to Groß, Apple’s changes, BlastDoor among them, are “very close to the best that could have been done given the need for backwards compatibility” and should make the iMessage platform much more secure.
Groß concludes: “This blog post discussed three improvements in iOS 14 affecting iMessage security: the BlastDoor service, the resliding of the shared cache, and exponential throttling. Overall, these changes are probably very close to the best that could have been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.”
He adds: “It is great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.”
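As an added illustration, not code from Apple, from the article or from the Project Zero post, the following simulation shows why the exponential throttling mentioned in the conclusion blunts the brute-force attacks referred to above: a service that keeps crashing is relaunched only after an exponentially growing delay, so an attacker who needs one crash per guess gets far fewer guesses in a fixed time window. The one-second base delay, the twenty-minute cap, the one-minute reset period and the per-cycle overhead are assumptions for the example, not Apple's parameters.

```python
"""Illustrative model of exponential restart throttling for a crash-prone
message-parsing service.  Added example code; this is NOT Apple's launchd or
BlastDoor logic, and every parameter below is an assumption."""

from dataclasses import dataclass
from typing import Optional


@dataclass
class RestartThrottle:
    """Delay the relaunch of a service by an exponentially growing amount after
    each consecutive crash, capped at `max_delay`.  If the service stays up for
    more than `reset_after` seconds, the crash counter starts over (assumed
    policy, chosen so that a single accidental crash is not punished forever)."""

    base_delay: float = 1.0         # seconds before the first relaunch (assumed)
    max_delay: float = 20 * 60.0    # upper bound on the delay (assumed)
    reset_after: float = 60.0       # quiet uptime that resets the counter (assumed)
    crashes: int = 0
    last_relaunch: Optional[float] = None

    def delay_for(self, consecutive_crashes: int) -> float:
        """Delay imposed after the n-th consecutive crash: base * 2**(n-1), capped."""
        if consecutive_crashes <= 0:
            return 0.0
        return min(self.base_delay * 2 ** (consecutive_crashes - 1), self.max_delay)

    def record_crash(self, now: float) -> float:
        """Register a crash at time `now` and return the delay before relaunch."""
        # A crash long after the previous relaunch means the service ran cleanly
        # for a while, so the backoff starts over.
        if self.last_relaunch is not None and now - self.last_relaunch > self.reset_after:
            self.crashes = 0
        self.crashes += 1
        delay = self.delay_for(self.crashes)
        self.last_relaunch = now + delay
        return delay


def attempts_within(window: float, cycle_overhead: float,
                    throttle: Optional[RestartThrottle]) -> int:
    """Count how many crash-and-retry cycles fit into `window` seconds for an
    attacker who needs the target to crash and come back once per guess.
    `cycle_overhead` is the fixed time (assumed) to deliver a message and see the
    crash; `throttle` is None for an unthrottled service."""
    now = 0.0
    attempts = 0
    while True:
        delay = throttle.record_crash(now) if throttle is not None else 0.0
        now += cycle_overhead + delay          # service is back up at `now`
        if now > window:
            return attempts
        attempts += 1                          # one more guess completed


if __name__ == "__main__":
    window = 10 * 60.0                         # ten-minute attack window (assumed)
    print("unthrottled guesses:", attempts_within(window, 1.0, None))
    print("throttled guesses:  ", attempts_within(window, 1.0, RestartThrottle()))
```

With the assumed parameters an attacker fits 600 guesses into a ten-minute window against an unthrottled service but only 9 against the throttled one, and the delay is already over eight minutes by the tenth consecutive crash; the brute-force style of attack that once required many rapid crashes becomes impractical without any change to the parsing code itself.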
Those interested in the full write-up of how BlastDoor works can read the Project Zero blog post on the subject.