Google specialist found a new BlastDoor security system in iOS

iOS BlastDoor security system
Written by Emma Davis

Google Project Zero expert Samuel Groß discovered that with the release of iOS 14, Apple’s operating system has a new security system – the BlastDoor sandbox, designed to process iMessages data.

Gross says that BlastDoor is a basic sandbox where code can be executed separately from the rest of the OS. Although iOS already has a number of sandbox mechanisms, BlastDoor is an innovation that only works at the iMessage level.

One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed “BlastDoor” service which is now responsible for almost all parsing of untrusted data in iMessages (for example, NSKeyedArchiver payloads). Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.explains Samuel Groß.

Basically, BlastDoor’s job is to accept incoming messages, as well as unpack and process their content in a safe and isolated environment, where malicious code hidden inside the message cannot harm the operating system or reach user data.

iOS BlastDoor security system
Apparently, the need for BlastDoor arose due to the fact that in recent years security experts have repeatedly discovered that iMessage cannot cope with cleaning incoming user data.

For example, at the end of 2020, Citizen Lab specialists spoke about hacker attacks on employees of the Al-Jazeera TV company. These attacks were carried out through a 0-day vulnerability in iOS, and the bug stopped working after the release of iOS 14.

This fact interested Gross, who decided to look for new protective mechanisms in the updated version of iOS, which made the exploits of cybercriminals suddenly useless.

Overall, these changes seem to be close to ideal (given the need for backward compatibility), and should have a significant impact on the security of iMessage and the platform as a whole. It’s great to see Apple committing resources to such major code restructurings in an effort to improve the security of end users.Gross sums up.

Let me remind you that we also wrote that hacker can get in an iPhone by simply sending a text message.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply

Sending