(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Apple started the roll out of its latest major software update in September with a number of features for its messaging app, iMessage.
While the Cupertino-based firm announced more options for group chats, inline replies, it did not mention the adoption of the new security system for iMessage.
Named ‘BlastDoor’, the system is a sandbox mode that aims to prevent attacks carried out on the messages app. It adds more security to the messages by protecting iMessage from other iOS apps.
Apple did not share information on the security feature, but Samuel Groß, a security researcher with Google’s Project Zero described BlastDoor in a blog post.
After one week of reverse engineering project, Groß found that iOS 14 has introduced a new, tightly sandboxed “BlastDoor” service which is now responsible for almost all parsing of untrusted data in iMessage.
Also Read : iOS 14 battery drain: Here’s how you can fix it
Sandbox is a security mechanism that runs code separately from the OS, to mitigate system failures or software vulnerabilities. BlastDoor operates within the Messages app and inspects the incoming message in an isolated environment to check whether there is any malicious code inside any message that can interact with iOS system and access any useful data.
Groß noted that majority of the processing of complex and untrusted data has been moved into the new BlastDoor service.
“This design with its 7+ involved services allows fine-grained sandboxing rules to be applied, for example, only the IMTransferAgent and apsd processes are required to perform network operations,” Groß said.
“As such, all services in this pipeline are now properly sandboxed (with the BlastDoor service arguably being sandboxed the strongest).”
The security researcher started the investigation into iOS 14 iMessage security feature after a hacking campaign targeted Al Jazeera journalists . Groß found that the attack failed in the latest Apple security update and came across BlastDoor security system.
In 2019, Groß and his fellow security researcher found that iMessage gave hackers access to the files in an iPhone and this did not even require a user to open the notification or message.
