Apple fixed one of the strongest security threats on the iPhone

Apple’s iOS operating system is generally considered secure, certainly sufficient for most users most of the time. But in recent years hackers have discovered a number of flaws that provide access points to iPhones and iPads. Many of these have been zero-click, or interactionless, attacks that can infect a device without the victim so much as clicking a link or downloading a file with malware. Time and again these weaponized vulnerabilities have turned up in Apple’s chat app, iMessage. But now Apple seems to have had enough. New research shows that the company took iMessage protections to a whole new level with the release of iOS 14 in September.

At the end of December, for example, researchers from the University of Toronto’s Citizen Lab published results about a summer hacking campaign in which dozens of Al Jazeera journalists were successfully hacked through a zero-click iMessage attack that installed NSO Group’s well-known Pegasus spyware. Citizen Lab said at the time that they did not believe iOS 14 was vulnerable to the attack used in the campaign; all the victims were running iOS 13, which was current at the time.

Samuel Groß has long studied zero-click iPhone attacks along with several of his colleagues at Google’s Project Zero bug-hunting team. This week, he outlined three enhancements Apple has made to iMessage to harden the system and make it harder for attackers to send malicious messages crafted to do strategic damage.

“These changes are probably very close to the best that can be done due to the need for backwards compatibility, and should have a major impact on the security of iMessage and the stage as a whole,” Groß wrote on Thursday. “It’s good to see Apple setting aside the resources for major replacements to improve end-user security.”

In response to a Citizen Lab investigation, Apple said in December, “iOS 14 is a major step forward in security and has provided new protections against such attacks.”

iMessage is an obvious target for zero-click attacks for two reasons. First, it is a communication system, meaning that part of its function is to exchange data with other devices. iMessage is literally built for non-interactive activity; you do not need to tap anything to get a text or a picture from a contact. Second, iMessage’s full suite of features (integration with other apps, payment capability, even little things like stickers and memoji) makes it fertile ground for attackers too. All of these links and features are handy for users but add “attack surface,” or potential for vulnerability.

“iMessage is an all-iPhone based service, so it’s a big target for solemn spies,” says Matthew Green, a Johns Hopkins cryptographer. “It also has a ton of bells and rags, and all of these features are a new opportunity for hackers to find bugs that allow them to take control of your phone. So this research shows that Apple is aware of this and has been silently hardening the system.”

Groß outlines three new protections that Apple has developed to address iMessage’s security issues at a structural level, rather than through Band-Aid patches. The first, called BlastDoor, is a “sandbox,” essentially a quarantine zone where iMessage can inspect incoming communications for potentially malicious attributes before they are released to the main iOS environment.

The second new mechanism monitors for attacks that manipulate a shared cache of system libraries. The cache changes its address within the system at random to make it more difficult to access maliciously. iOS only changes the address of the shared cache after a restart, however, which allowed zero-click attackers to find out where it is; it’s like taking shots in the dark until you hit something. The new protection is set up to detect malicious activity and trigger a re-randomization without the user having to restart their iPhone.
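
A toy model of the trade-off described above, added here as an illustration; it is not code from Apple, Project Zero, or the original article. It compares a cache position that stays fixed until reboot with one that is re-drawn after every failed probe. The slot count and the assumption that every failed probe is detected are constructed.

```python
import random
from statistics import mean

SLOTS = 256  # constructed count of possible cache positions, not iOS's real figure

def probes_fixed(rng, slots=SLOTS):
    """Layout changes only at reboot, so each failed probe rules out one position."""
    secret = rng.randrange(slots)
    candidates = list(range(slots))
    rng.shuffle(candidates)              # positions are tried in random order
    return candidates.index(secret) + 1  # never more than `slots` probes

def probes_rerandomized(rng, slots=SLOTS):
    """Assumes every failed probe is detected and triggers a new layout."""
    probes = 0
    while True:
        probes += 1
        secret = rng.randrange(slots)    # fresh layout: earlier misses teach nothing
        if rng.randrange(slots) == secret:
            return probes

def simulate(trials=2000, slots=SLOTS, seed=14):
    rng = random.Random(seed)
    fixed = [probes_fixed(rng, slots) for _ in range(trials)]
    moved = [probes_rerandomized(rng, slots) for _ in range(trials)]
    return {
        "fixed_mean": mean(fixed),
        "fixed_worst": max(fixed),
        "rerandomized_mean": mean(moved),
        "rerandomized_worst": max(moved),
        # share of runs still failing after as many probes as there are positions
        "rerandomized_over_budget": sum(p > slots for p in moved) / trials,
    }

if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name:26} {value:.2f}")
```

With a fixed layout the search always ends within `SLOTS` probes; with re-randomization the expected number of probes roughly doubles and there is no upper bound, since no failed probe narrows the search.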
