iOS 14 Carries ‘BlastDoor’ Sandbox Security System to Protect iMessage, Google Researcher Discovers

Samuel Groß from Google’s Project Zero team has discovered the BlastDoor security system within iOS 14.

By Jagmeet Singh | Updated: 29 January 2021 15:27 IST

iOS 14 Carries ‘BlastDoor’ Sandbox Security System to Protect iMessage, Google Researcher Discovers

Photo Credit: Apple

Apple didn’t reveal the existence of BlastDoor security system at the time of releasing iOS 14

Highlights

iOS 14 has BlastDoor system to sandbox iMessage data processing
iMessage vulnerabilities could give attackers access to user files
Apple has placed BlastDoor alongside other sandbox systems in iOS

Apple's iOS 14 is found to include a new security system called BlastDoor that is meant to protect parsing of untrusted data from messaging client iMessage. Although Apple didn't provide any details about the security system while releasing iOS 14 in September, a security researcher has discovered its existence through a reverse engineering project. The BlastDoor system on iOS appears to work as a sandbox to separate data processing on iMessage from other elements of the operating system. This is believed to protect users from specific attacks that are carried out through the iMessage client.

Samuel Groß, a security researcher with Google's Project Zero team, has discovered the BlastDoor system hidden within iOS 14. The researcher wrote a blog post to detail the scope of the new system in protecting users from bad actors.

Unlike other sandbox systems that exist on iOS to protect different its functions, BlastDoor is designed to specifically work with iMessage. It essentially takes incoming messages to unpack and process their content within an isolated and secured environment. This protects the operating system from getting affected even if a malicious code has been sent through a message.

Apple Loses Copyright Suit Against Cyber-Security Startup Corellium

Prior to the update, Apple was processing the entire message data an iPhone receives through the instant messaging agent that exists within iOS.

The issue with the existing mechanism was simple; it was allowing attackers to gain user data access through iMessage.

In 2019, Groß along with his fellow security researcher Natalie Silvanovich found “zero interaction” flaws in iMessage that could allow attackers to read the content of files being stored on an iPhone, without requiring users to interact with any notification or message. Those issues are likely to be addressed with the BlastDoor system.

What will be the most exciting tech launch of 2021? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.