Apple’s iOS 14 Found to Have a Specific Sandbox Security for iMessage

0
77


Apple’s iOS 14 is found to include a new security system called BlastDoor that is meant to protect parsing of untrusted data from messaging client iMessage. Although Apple didn’t provide any details about the security system while releasing iOS 14 in September, a security researcher has discovered its existence through a reverse engineering project. The BlastDoor system on iOS appears to work as a sandbox to separate data processing on iMessage from other elements of the operating system. This is believed to protect users from specific attacks that are carried out through the iMessage client.

Samuel Groß, a security researcher with Google’s Project Zero team, has discovered the BlastDoor system hidden within iOS 14. The researcher wrote a blog post to detail the scope of the new system in protecting users from bad actors.

Unlike other sandbox systems that exist on iOS to protect different its functions, BlastDoor is designed to specifically work with iMessage. It essentially takes incoming messages to unpack and process their content within an isolated and secured environment. This protects the operating system from getting affected even if a malicious code has been sent through a message.

Prior to the update, Apple was processing the entire message data an iPhone receives through the instant messaging agent that exists within iOS.

The issue with the existing mechanism was simple; it was allowing attackers to gain user data access through iMessage.

In 2019, Groß along with his fellow security researcher Natalie Silvanovich found “zero interaction” flaws in iMessage that could allow attackers to read the content of files being stored on an iPhone, without requiring users to interact with any notification or message. Those issues are likely to be addressed with the BlastDoor system.


What will be the most exciting tech launch of 2021? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.



Source link