Google unveils Apple's BlastDoor security feature


Google has revealed details of a new security mechanism called BlastDoor, which Apple added to iOS 14 as a countermeasure to stop newly discovered attacks from exploiting vulnerabilities in its messaging app.

The details were disclosed by Samuel Groß, a security researcher at Project Zero, the team of Google security researchers tasked with examining hardware and software vulnerabilities.

"One of the major changes in iOS 14 is the introduction of the new BlastDoor service, which is now responsible for all parsing of untrusted data in iMessages," Groß said.

"Moreover, this service is written in Swift, a (mostly) memory-safe language, making it very difficult to introduce classic memory-corruption vulnerabilities into the codebase."

This development follows an exploit that used an iMessage vulnerability in iOS 13.5.1 to bypass security protections, deployed as part of a cyber-espionage campaign targeting journalists last year.

Citizen Lab researchers, who revealed the attack last month, said: "We don't believe the exploit works on iOS 14, which includes new security protections."

BlastDoor is at the heart of that new security protection, according to Groß, who analyzed the changes during a week-long reverse-engineering project using a Mac Mini M1 running macOS 11.1 and an iPhone XS running iOS 14.3.

When an incoming iMessage arrives, it passes through a number of services, the most important of which are apsd and a background process called imagent, which is responsible for decrypting the contents of the message, downloading attachments through a separate service, and handling links to websites, before alerting SpringBoard to display a notification.

What BlastDoor does is parse all of these messages inside a tightly sandboxed environment, preventing any malicious content within a message from interacting with the rest of the operating system or accessing user data.

In other words, because the majority of the processing work has been moved from imagent to BlastDoor, a specially crafted message sent to the target can no longer interact with the file system or perform network operations.

Groß noted that the sandbox profile is very tight: only a handful of local IPC services can be reached, almost all file system interaction is blocked, any interaction with IOKit drivers is forbidden, and outbound network access is denied.
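To make that description concrete, the following is an illustrative profile in Apple's Sandbox Profile Language (SBPL) that expresses the four restriction classes listed above. It is an added example written for this article, not Apple's actual BlastDoor profile; the executable path and Mach service names are placeholders, not real iOS identifiers.

```scheme
;; Illustrative sandbox profile (SBPL) for an untrusted-data parsing service.
;; Added example for this article, NOT Apple's real BlastDoor profile.
;; The binary path and Mach service names are placeholders.
(version 1)

;; Deny everything by default: any operation not explicitly allowed fails.
(deny default)

;; The parser must be able to run and load system libraries and frameworks.
(allow process-exec (literal "/usr/libexec/PLACEHOLDER_parser_service"))
(allow file-read* (subpath "/System/Library/Frameworks")
                  (subpath "/usr/lib"))

;; Only a handful of local IPC endpoints are reachable: the message broker
;; that hands untrusted data in and receives the parsed result back.
(allow mach-lookup (global-name "com.example.placeholder.messagebroker")
                   (global-name "com.example.placeholder.notifications"))

;; Almost all file system interaction is blocked: no writes anywhere,
;; and no reads of user data even though framework reads are allowed above.
(deny file-write*)
(deny file-read* (subpath "/private/var/mobile"))

;; No interaction with IOKit drivers, removing kernel driver attack surface
;; from a compromised parser.
(deny iokit-open)

;; No outbound network: a compromised parser cannot exfiltrate or phone home.
(deny network-outbound)
```

On a real system the allowed IPC endpoints would be exactly the few services the parser needs, and nothing else.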

Apple also introduced a new throttling mechanism that delays the restart of a service after it crashes, reducing the number of attempts an attacker gets when trying to exploit a bug by increasing the time between consecutive attempts at brute-forcing.

"With this change, an exploit that depends on repeatedly crashing the service is now likely to take several hours to half a day to complete rather than a few minutes," Groß said.