According to a recent report from Google's Project Zero, Apple has added a new iOS security feature to the systems under its control. This is one of the most critical discoveries Project Zero has made since July 15th, 2014, when Google's security analysts started their work. Why? Because it demonstrates the importance of crowdsourced cybersecurity in preventing cyber-attacks. Reports indicate that the new iOS security feature was added to iOS devices following several zero-days that targeted iOS messaging.
Where does this iOS security feature come from?
Samuel Groß, a security researcher with Project Zero, was the one who discovered the feature, dubbed “BlastDoor”. It is actually an improved sandbox system for iMessage data, something that could have been added to iOS much earlier if Apple had been able to get help from a crowdsourced cybersecurity team, just as Google does.
As Samuel Groß has stated:
“One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed ‘BlastDoor’ service which is now responsible for almost all parsing of untrusted data in iMessages. Furthermore, this service is written in Swift, a (mostly) memory-safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the codebase.
The sandbox profile is quite tight. Only a handful of local IPC services can be reached, almost all file system interaction is blocked, any interaction with IOKit drivers is forbidden, [and] outbound network access is denied.
With this change, an exploit that relied on repeatedly crashing the attacked service would now likely require in the order of multiple hours to roughly half a day to complete instead of a few minutes.”
Samuel Groß used an M1 Mac Mini running macOS 11.1 and an iPhone XS running iOS 14.3 for a week-long reverse engineering effort. As a result, he found that BlastDoor forms the core of this new iOS security feature.
What is BlastDoor?
The BlastDoor service processes potentially malicious data before it is delivered to your inbox. It is a custom sandboxed component for iMessage that analyzes and processes potentially malicious messages before they can spread through the whole system.
Adding this feature seems to be part of the evolution of iOS security features. That evolution started with no longer allowing Apple's own applications to bypass content filters, VPNs, and third-party firewalls. The need for it became clear when 36 journalists at Al Jazeera were hacked with spyware.
That Apple iMessage flaw in iOS 13.5.1 made some users pessimistic about the security of Apple products. After such incidents, only an evolution of this kind could reassure users about the security of their data.
Researchers from Citizen Lab, the crowdsourced cybersecurity team that revealed the attack on the journalists, have stated:
“Despite this new iOS security feature, we do not believe that [the exploit] works against iOS 14 and above, which includes new security protections.”
How does it work?
The complexity and efficiency of this new iOS security feature are so high that Apple's security evolution gets close to the best that could have been done. The idea behind BlastDoor would surely have a significant impact on the security of any platform. Now that Apple's engineers have played their cards, it is the hackers' turn to play. Let's see whether they can turn the tables.
To understand the new iOS security feature, imagine that you send a message to another iPhone through iMessage, and let's look at the path it takes. The Apple Push Notification Service daemon (apsd) receives push messages from Apple's servers and extracts the IDS payload. apsd passes the message to identityservicesd, which decrypts the payload with the iMessage private key and forwards it to imagent.
imagent sends the payload to the BlastDoor service for defusion. Once the message arrives there, BlastDoor builds the message object by decoding the message list, parsing the message text XML, and decoding the NSSwealizer data. The message then goes back through imagent, IMTranscoderAgent, BlastDoor, IMDPersistenceAgent, and imagent, in that order. Eventually, iMessage sends you the delivery receipt.
In short, BlastDoor inspects all such inbound messages in a secure, sandboxed environment, so malicious code is not able to interact with the iPhone's operating system.
A specially crafted message sent to a target can no longer interact with the file system or perform network operations. Why? Because the major part of the processing takes place behind BlastDoor, before the message ever enters imagent.
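As an added illustration (not Apple's code and not part of the original article), the Python sketch below models the pattern just described: the untrusted payload is parsed in a throwaway child process that restricts itself before touching the data, only a plain validated object is handed back to the parent, and a worker that crashes or hangs costs the sender an exponentially growing restart delay. The rlimit calls, the JSON message schema and the back-off schedule are assumptions of this example, standing in for the real sandbox profile and restart throttling that the article does not detail.

```python
import json
import multiprocessing as mp
import resource

# Fields the decoded message object must carry (a constructed schema, not Apple's).
REQUIRED = {"sender": str, "text": str}

def _parse_in_worker(raw: bytes, conn) -> None:
    """Child side: lock the process down first, then touch the untrusted bytes."""
    # rlimit stand-ins for a sandbox profile: no new file descriptors (so no files,
    # no sockets) and a 2 s CPU budget, both applied before any parsing happens.
    resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
    resource.setrlimit(resource.RLIMIT_CPU, (2, 2))
    obj = json.loads(raw.decode("utf-8"))  # any failure here kills only this child
    for key, typ in REQUIRED.items():
        if not isinstance(obj.get(key), typ):
            raise ValueError(f"missing or mistyped field: {key}")
    conn.send({k: obj[k] for k in REQUIRED})  # only plain, validated data goes back
    conn.close()

class SandboxedParser:
    """Parent side (the imagent role): a throwaway worker per message, restart throttling."""
    def __init__(self, base_delay: float = 1.0, max_delay: float = 3600.0) -> None:
        self.crashes, self.base_delay, self.max_delay = 0, base_delay, max_delay

    def next_delay(self) -> float:
        # Exponential restart throttling (an assumption of this example): after n
        # crashes the next worker starts only after base * 2**n seconds, capped at
        # an hour, so a bug needing hundreds of crashes takes hours, not minutes.
        return min(self.base_delay * 2 ** self.crashes, self.max_delay)

    def parse(self, raw: bytes, timeout: float = 5.0):
        """Return the validated message object, or None if the worker died or hung."""
        reader, writer = mp.Pipe(duplex=False)
        proc = mp.get_context("fork").Process(target=_parse_in_worker, args=(raw, writer))
        proc.start()
        writer.close()  # the parent keeps only the read end
        proc.join(timeout)
        if proc.is_alive():  # hung worker: kill it and count it as a crash
            proc.kill()
            proc.join()
        try:
            result = reader.recv() if reader.poll(0) else None
        except EOFError:  # worker exited without sending anything
            result = None
        if result is None or proc.exitcode != 0:
            self.crashes += 1
            return None
        return result
```

A deeply nested payload such as `b"[" * 100000` blows the worker up with a RecursionError; the parent only sees a missing result and a non-zero exit code, exactly as it would for a native crash.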