Google has revealed details of BlastDoor, the new security mechanism Apple added to iOS 14 as a countermeasure against newly discovered attacks that exploit vulnerabilities in its messaging app.
The improved protection for iMessage data was described by Samuel Groß, a security researcher at Project Zero, Google's team of security researchers tasked with studying vulnerabilities in hardware and software systems.
Groß said: "One of the major changes in iOS 14 is the introduction of the new BlastDoor service, which is now responsible for all parsing of untrusted data in iMessages."
He added that the service is written in Swift, a (mostly) memory-safe language, which makes it incredibly difficult to introduce classic memory-corruption vulnerabilities into the code base.
This development followed an exploit that abused an iMessage vulnerability in iOS 13.5.1 to bypass security protections as part of a cyber-espionage campaign targeting journalists last year.
Citizen Lab researchers who exposed the attack last month said: We don’t think the exploit works across iOS 14, which includes new security protections.
BlastDoor forms the core of that new protection, according to Groß, who analyzed the changes over the course of a week as part of a project to reverse engineer a Mac Mini M1 running macOS 11.1 and an iPhone XS running iOS 14.3.
When an incoming iMessage arrives, it passes through a number of services, the most important of which are APSD and a background process called imagent, which is responsible for decoding the contents of the message, downloading attachments through a separate service and handling links to websites, before alerting SpringBoard to display the notification.
What BlastDoor does is parse all of these incoming messages in a secure, sandboxed environment, preventing any malicious code within a message from interacting with the rest of the operating system or accessing user data.
In other words, by moving most of the processing from the imagent process into BlastDoor, a specially crafted message sent to the target can no longer interact with the file system or perform network operations.
Groß noted that the sandbox profile is very tight: only a few local IPC services can be reached, almost all file-system interaction is blocked, any interaction with IOKit drivers is forbidden, and outbound network access is denied.
Apple also introduced a new throttling feature that delays the restart of a crashed service, limiting the number of attempts an attacker gets when trying to exploit a flaw by increasing the time between two consecutive attempts of a brute-force attack.
With this change, Groß said, an exploit that relied on repeatedly crashing the attacked service would now likely take anywhere from several hours to roughly half a day to complete instead of a few minutes.
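To make the restart-throttling idea concrete, the following Python model is an added example, not Apple's or Project Zero's code: Apple's actual delay schedule is not given in the article, so the base delay, growth factor, cap and stability window below are constructed values. It shows how an exponentially growing restart delay turns a sequence of crash-and-retry cycles from seconds into hours, which is the effect the article attributes to the new restriction.

```python
"""Crash-restart throttling in the spirit of the BlastDoor change.

Added example, not Apple's code: the real delay schedule is not public on the
page, so all timing parameters below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class RestartGovernor:
    """Decides when a crashed service may be relaunched.

    Each consecutive crash multiplies the wait before the next restart,
    capped at max_delay; a stretch of stable uptime resets the streak so a
    service that crashed once by accident is not penalised forever.
    """
    base_delay: float = 1.0          # seconds after the first crash (constructed)
    factor: float = 2.0              # growth per consecutive crash (constructed)
    max_delay: float = 6 * 3600.0    # cap on a single wait, in seconds (constructed)
    stable_window: float = 600.0     # uptime that clears the crash streak (constructed)
    consecutive_crashes: int = 0
    last_restart: float = 0.0
    next_allowed: float = 0.0

    def delay_for(self, streak: int) -> float:
        """Wait imposed after the (streak + 1)-th consecutive crash."""
        return min(self.base_delay * self.factor ** streak, self.max_delay)

    def record_crash(self, now: float) -> float:
        """Register a crash at time `now`; return when the restart may happen."""
        if now - self.last_restart >= self.stable_window:
            self.consecutive_crashes = 0      # ran long enough: forget old crashes
        delay = self.delay_for(self.consecutive_crashes)
        self.consecutive_crashes += 1
        self.next_allowed = now + delay
        return self.next_allowed

    def record_restart(self, now: float) -> None:
        """Note the moment the service actually came back up."""
        self.last_restart = now


def attack_wall_clock(attempts: int, throttled: bool, per_try: float = 5.0) -> float:
    """Total seconds an attacker needs for `attempts` crash-and-retry cycles.

    Each cycle costs `per_try` seconds of message delivery (constructed value)
    plus, when the governor is in place, the wait before the service returns.
    Without throttling the service is assumed to restart immediately.
    """
    gov = RestartGovernor()
    clock = 0.0
    for _ in range(attempts):
        clock += per_try                                   # message lands, service crashes
        clock = gov.record_crash(clock) if throttled else clock
        gov.record_restart(clock)                          # service is back up
    return clock


if __name__ == "__main__":
    for n in (10, 20):
        print(f"{n} crashes: {attack_wall_clock(n, False):8.0f}s unthrottled, "
              f"{attack_wall_clock(n, True):8.0f}s throttled")
```

The stability window matters as much as the growth factor: without it, a legitimate crash months later would inherit the attacker's accumulated penalty, so the model resets the streak once the service has stayed up for a while.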