Apple is solving one of the iPhone’s most pressing security threats

Apple’s iOS operating system is generally considered secure enough for most users. But in recent years, hackers have uncovered a number of flaws that provide access to iPhones and iPads. Many of these attacks were so-called zero-click or interaction-less attacks, which can infect a device without the victim clicking a link or downloading a malware-laden file. Time and again, these weaponized vulnerabilities have been found in Apple’s chat app, iMessage. But now it appears that Apple has had enough. New research shows the company took iMessage’s defenses to a whole new level with the release of iOS 14 in September.

For example, in late December, researchers at the University of Toronto’s Citizen Lab released findings about a summer hacking campaign in which attackers compromised dozens of Al Jazeera journalists with a zero-click iMessage attack that installed NSO Group’s infamous Pegasus spyware. Citizen Lab said at the time that it did not believe iOS 14 was vulnerable to the technique used in the campaign; all of the victims were running iOS 13, which was current at the time.

Samuel Groß, along with colleagues from Google’s Project Zero bug-hunting team, has long researched zero-click iPhone attacks. This week he detailed three enhancements Apple has added to iMessage to harden the system and make it much more difficult for attackers to send malicious messages designed to wreak havoc.

“These changes are probably very close to the best that could have been done given the need for backward compatibility, and should have a significant impact on the security of iMessage and the platform as a whole,” Groß wrote Thursday. “It’s great to see Apple set aside the resources for this kind of major restructuring to improve end-user security.”

In response to the Citizen Lab study, Apple said in December that “iOS 14 is a quantum leap in security and offers new protection against these types of attacks.”

iMessage is a natural target for zero-click attacks for two reasons. First, it is a communication system, which means that part of its job is to accept data from other devices; iMessage is literally built for interaction-free activity, since you don’t have to tap anything to receive a text or photo from a contact. Second, iMessage’s full suite of features – integrations with other apps, payment functionality, even little things like stickers and Memoji – makes it fertile ground for hackers. All of those interconnections and options are useful to users, but each one adds attack surface: more code that parses untrusted input, and so more potential for a weakness.

“iMessage is a built-in service on every iPhone, so it’s a huge target for advanced hackers,” said Johns Hopkins cryptographer Matthew Green. “It also has a ton of bells and whistles, and each of these features is a new opportunity for hackers to find bugs that allow them to take control of your phone. So what this research shows is that Apple knows this and has quietly hardened the system.”

Groß outlines three new protections that Apple has developed to address iMessage’s security issues at a structural level, rather than through one-off patches. The first, dubbed BlastDoor, is a sandbox: a tightly restricted process that parses and inspects incoming message content in isolation, so that a malformed message which triggers a bug in that parsing is contained there rather than handed a foothold in the main iOS environment.

The second new mechanism targets attacks that rely on knowing where the shared cache of system libraries sits in memory. iOS loads that cache at a randomized address so that attackers cannot know in advance where its code lives. However, iOS only picks a new address at boot, so the location stays the same across crashes, and an attacker with a zero-click delivery channel can keep probing until they find it: each wrong guess crashes the receiving process, but the next attempt faces the same layout, so the guesses accumulate. It’s like taking pictures in the dark until you hit something. The new protection detects this kind of suspicious activity and re-randomizes the cache’s location without the user having to restart their iPhone, so that whatever the attacker has learned so far becomes stale.
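To make the shared-cache point concrete, here is an added toy model of why a memory layout that stays fixed across crashes is dangerous and what re-randomizing after a detected crash buys. It is written for this page and is not Apple’s code or Groß’s research code. It assumes, purely for illustration, a 3-byte slide, a crash-or-no-crash oracle that reveals whether the low bytes of a guessed address are right (the kind of signal a partial pointer overwrite gives an attacker), and a detector that re-slides after every crash; none of those specifics come from the article, which says only that iOS 14 detects malicious activity and triggers a refresh.

```python
import random

# Toy parameters (assumptions for illustration, not figures from the article):
# a 3-byte slide gives 256**3 possible layouts.
SLIDE_BYTES = 3
SLIDE_SPACE = 256 ** SLIDE_BYTES


class Device:
    """Model of a target whose shared-cache slide is picked at boot.

    reslide_on_crash=False: the slide stays fixed until reboot (the pre-iOS 14
    behaviour the article describes).
    reslide_on_crash=True: a detector re-randomizes the slide after every crash
    (a simplification of the iOS 14 mechanism; the real trigger is not on the page).
    """

    def __init__(self, reslide_on_crash, rng):
        self.reslide_on_crash = reslide_on_crash
        self.rng = rng
        self.slide = rng.randrange(SLIDE_SPACE)
        self.crashes = 0

    def deliver(self, low_bytes):
        """Deliver a message whose payload assumes the slide's low len(low_bytes)
        bytes equal `low_bytes` (think of a partial pointer overwrite).

        Returns "pwned" if the whole slide was right, "ok" if the bytes supplied
        were right but more are needed (no crash, so nothing to detect), or
        "crash" if the guess was wrong and the receiving process died.
        """
        true_bytes = self.slide.to_bytes(SLIDE_BYTES, "little")
        if true_bytes[:len(low_bytes)] == low_bytes:
            return "pwned" if len(low_bytes) == SLIDE_BYTES else "ok"
        self.crashes += 1
        if self.reslide_on_crash:
            # Detected crash: forget the old layout, pick a fresh one.
            self.slide = self.rng.randrange(SLIDE_SPACE)
        return "crash"


def byte_at_a_time(device, max_probes):
    """Attacker strategy against a layout that survives crashes: learn the slide
    one byte at a time, at most 256 probes per byte instead of 256**n overall.
    Returns (success, probes_used)."""
    known = b""
    probes = 0
    while probes < max_probes:
        for b in range(256):
            if probes >= max_probes:
                return False, probes
            probes += 1
            outcome = device.deliver(known + bytes([b]))
            if outcome == "pwned":
                return True, probes
            if outcome == "ok":
                known += bytes([b])  # this byte is confirmed; move to the next one
                break
        else:
            # Every value crashed: the prefix we "knew" is stale because the
            # target re-slid underneath us. Start over from nothing.
            known = b""
    return False, probes


def run_demo(seed=7, max_probes=4096):
    """Run the same attacker against both device policies with the same seed.
    Returns a dict keyed "fixed" / "reslide" with success, probes and crashes."""
    results = {}
    for policy in (False, True):
        dev = Device(reslide_on_crash=policy, rng=random.Random(seed))
        success, probes = byte_at_a_time(dev, max_probes)
        results["reslide" if policy else "fixed"] = {
            "success": success, "probes": probes, "crashes": dev.crashes}
    return results


if __name__ == "__main__":
    for name, r in run_demo().items():
        print(f"{name:8s} slide: success={r['success']} "
              f"probes={r['probes']} crashes={r['crashes']}")
```

Against the fixed-slide device the attacker always lands within 3 × 256 = 768 probes, because every crash rules out one byte value and the layout waits patiently for the next guess. Against the re-sliding device the same attacker exhausts a 4,096-probe budget with no result: each crash throws away the bytes it had confirmed, so the only remaining option is guessing the whole slide at once, which costs on the order of 256³ attempts. The point of the mechanism is not to make a single guess harder but to deny the attacker incremental progress.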
