TechDigits

Tech news
Thursday, Mar 28, 2024

iMessage Security BlastDoor

iMessage just got an amazing new feature you didn’t even notice

Apple quietly added a new iMessage security feature in iOS 14 called BlastDoor. BlastDoor is a new sandbox inside iMessage that receives and sanitizes all iMessage content before it’s shown to the user. The security feature will prevent attacks via iMessage that might include malicious code for spying on iPhones.

One of the most important apps on any phone, regardless of model or operating system, is the messaging app. The chances are most people use a collection of texting apps to keep in touch with friends and family. These apps have grown to be highly sophisticated over the years, offering a collection of advanced features to improve the chat experience.

Whether it’s iMessage on an iPhone, Google Messages on Android, or WhatsApp, Signal, Telegram, and many others on both platforms, these apps offer essentially the same features. Many protect chats with end-to-end encryption, and most of them support rich texting features, file-sharing, emojis, voice messaging, voice calling, and integration with many other apps.

But because texting is so popular on smartphones, it’s also a great gateway for hackers who come up with all sorts of malicious attacks that can spread via chat apps. And Apple has been quietly tackling that very problem, a new report shows. The company added an amazing new feature to iMessage in iOS 14 and iPadOS 14, the kind that we’ll never notice. It’s called BlastDoor, an apt name for what the feature is supposed to do.

When Tony Stark asks his AI Friday to activate the “Armed Door” protocol in Endgame, a shield of armor envelops the Avengers headquarters. That’s because they’re about to attempt something never done before, which could lead to a huge wave of destruction. There’s no guarantee that the armor will actually hold back a potential blast, but Stark is trying it nonetheless. Marvel fans will surely remember the scene, while others won’t know what any of this means.

The gist with BlastDoor is similar. Everything coming in via iMessage goes through a secure location meant to contain threats that hackers might include in messages. Highly sophisticated information bombs can allow hackers to attack unsuspecting iPhone users, but BlastDoor will now stop all of that. The new security feature is amazing, and it’s something other operating systems and chat apps will undoubtedly copy. After all, hackers target all devices and programs, not just Apple’s.

As to why Apple never mentioned anything about BlastDoor during WWDC 2020 when the first final version of iOS 14 shipped, that’s understandable. This is Apple’s new move in an ongoing security battle with attackers. There’s no point showing your hand when it comes to BlastDoor. It’s not a feature that device owners will actively use or that iOS developers needed to be aware of.

It’s all supposed to work passively in the background, keeping everybody safe. If security experts like the people working over at Google Zero Lab discover it, that’s something else — and hackers could also find it once they realize their weaponized messages aren’t delivering the desired effect.

First picked up by ZDNet, the BlastDoor feature was indeed discovered by a Googler from Project Zero.

Last year, a report showed that hackers targeted journalists via iMessage code that enabled spying without the recipient having to do anything. But the issue was fixed in iOS 14, so Google researcher Samuel Groß set out to discover how Apple mitigated the problem. That’s how he found BlastDoor, a feature that works behind the scenes with iMessage content.

It’s a “sandbox” type of functionality, similar to other sandboxes in iOS. BlastDoor will unpack and process the content of all incoming messages in an isolated environment so that a malicious payload cannot attack the operating system. In other words, every attachment and all code coming through iMessage, whether it’s the actual text, links, or files, will be sanitized inside that closed environment.

If you still haven’t upgraded to iOS 14, BlastDoor is an excellent reason to do it, especially if you’re the kind of iPhone user who might be someone’s target.

“Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” the Googler wrote. “It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security.

“Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.”

Groß’s blog post detailing the new iMessage security feature is available at this link.
