Apple fixes one of the most pressing security risks of the iPhone

Apple's iOS operating system is generally considered secure, certainly sufficient for most users most of the time. But in recent years, hackers have successfully found a number of flaws that provide entry points into iPhones and iPads. Many of these have been what are called zero-click or no-interaction attacks, which can infect a device without the victim doing anything, such as clicking a link or downloading a malware file. Time and again, these weaponized vulnerabilities have turned out to be in Apple's chat application, iMessage. But now it looks like Apple has responded. New research shows that the company took iMessage's defenses to another level with the launch of iOS 14 in September.

In late December, for example, researchers at the University of Toronto's Citizen Lab published findings about a summer hacking campaign in which attackers successfully targeted dozens of Al Jazeera journalists with a zero-click iMessage attack to install NSO Group's Pegasus spyware. Citizen Lab said at the time that it did not believe iOS 14 was vulnerable to the hacking used in the campaign; all the victims were running iOS 13, which was current at the time.

Samuel Groß has long investigated zero-click iPhone attacks with several of his colleagues on Google's Project Zero bug research team. During the week, he detailed three improvements that Apple added to iMessage to harden the system and make it much more difficult for attackers to send malicious messages crafted to wreak havoc.

“These changes are probably very close to the best that could have been made, given the need for backward compatibility, and should have a significant impact on iMessage security and the platform as a whole,” Groß wrote on Thursday. “It’s great to see Apple putting aside resources for these kinds of big refactorings to improve end-user security.”

In response to Citizen Lab research, Apple said in December that “iOS 14 is a major leap in security and has provided new protections against these types of attacks.”

iMessage is an obvious target for zero-click attacks for two reasons. First, it is a communications system, which means that part of its function is to exchange data with other devices. iMessage is literally built for interactionless activity; you don't have to touch anything to receive a text or a photo from a contact. Second, the full suite of iMessage features (integrations with other applications, payment features, even small things like stickers and memos) makes it fertile ground for hackers as well. All of these interconnections and options are convenient for users, but they add "attack surface," or potential for weakness.

“iMessage is a service built into every iPhone, so it’s a huge target for sophisticated hackers,” says Johns Hopkins cryptographer Matthew Green. “It also has a lot of bells and whistles, and each of these features is a new opportunity for hackers to find bugs that allow them to take control of your phone. So what this research shows is that Apple knows this and has quietly strengthened the system.”

Groß describes three new protections that Apple developed to address iMessage's security issues at a structural level, rather than through Band-Aid patches. The first enhancement, called BlastDoor, is a "sandbox," essentially a quarantine area where iMessage can inspect incoming communications for potentially harmful attributes before releasing them into the main iOS environment.

The second new mechanism monitors for attacks that manipulate a cache shared by system libraries. The cache's address within the system is randomized to make it harder to access maliciously. Previously, iOS changed the address of the shared cache only after a restart, which gave zero-click attackers the opportunity to discover its location; it's like taking shots in the dark until you hit something. The new protection is configured to detect malicious activity and trigger a refresh without the user having to restart their iPhone.
