Google researchers discover Apple introduced improved iMessage security for iOS 14

Apple released iOS 14 last fall, introducing a new sandbox security mechanism for its iPhone/iPad to protect users from attacks on the iMessage instant messaging client. This feature is called BlastDoor. According to Samuel Groß, a researcher from Google's Project Zero security team, the security of the iMessage messaging service in the iOS mobile operating system was not good enough.

It is reported that the Google Project Zero team is particularly good at discovering various security vulnerabilities in commonly used software. Their latest research result is to find a security service vulnerability in the iMessage messaging application in iOS.

Some security researchers have previously pointed out that the iMessage service does a poor job of data processing for incoming messages, and Apple has finally introduced solutions such as BlastDoor in iOS 14.

There are many sandbox mechanisms in the iOS mobile operating system, but BlastDoor is specifically designed for the iMessage messaging app to isolate the execution of the software from other code in the iOS 14 system.

BlastDorothy is envisioned to allow incoming message content to be decompressed and processed in a secure, isolated environment, without any malicious code contained therein being able to interact with, damage, or retrieve user data from the underlying system.

However, in the past three years alone, we have seen many remote code execution attacks (RCE) against iMessage, and even someone has developed tools to abuse related vulnerabilities. Victims may only receive a simple text message, causing their device to be hijacked and photos or videos to be sent to others.

The most recent example was the hacking campaign against Al Jazeera staff and journalists detailed in last summer’s The Great iPwn report by Citizen Lab. But Groß noticed that after the release of iOS 14, attackers’ zero-day exploits seemed to have quieted down.

Apparently, Apple officials are also aware of this problem and have introduced improved security defenses in iOS 14. After a week of in-depth research on the relevant work, he finally believed that Apple had listened to the general opinions in the security research field.