Google Researcher Groß Identifies the BlastDoor Service in Apple iOS 14


Last year, Apple rolled out iOS 14 with many new features, tighter privacy rules, and elements that make the iPhone smarter. The iPhone and iPad versions also introduced a new security mechanism aimed primarily at malware attacks arriving over iMessage. The BlastDoor security sandbox launched with iOS 14 in September 2020. It was identified by reverse engineering macOS 11.1 running on an M1-powered Mac Mini, and it is meant to protect the parsing of untrusted data from the iMessage messaging client. The service is said to be written in Swift, a memory-safe language that makes it "significantly harder" to introduce classic memory corruption vulnerabilities into the codebase, in this case iMessage.

The BlastDoor service, concealed inside iOS 14, was identified by Samuel Groß, a security researcher with Google's Project Zero team. The researcher wrote a blog post on the scope of the framework and how it protects users from bad actors.

The main function of BlastDoor is to unpack and process incoming messages in a secure, isolated environment where any malicious code embedded in a message cannot interact with or disrupt the underlying operating system, or retrieve user data from it. The BlastDoor service works only for iMessage, and it handles all received data, including links. When a link is sent via iMessage, the sending device first renders a preview of the webpage and gathers metadata (such as the title and page description) before the link is bundled into an archive. This archive is then encrypted with a temporary key and uploaded directly to iCloud servers. Once the link is received, the keys sent to the receiver are decrypted. All of this happens inside the BlastDoor service.
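The pattern described above, parsing untrusted data in a separate process and letting only a small, re-validated result cross back, can be sketched as follows. This is an added illustration, not Apple's code or anything from Groß's post: the JSON payload format, the 200-character cap, and the names `parse_preview` and `WORKER` are assumptions, and a POSIX system is assumed. It gives process separation and a CPU limit only, not the filesystem or network restrictions of a real sandbox.

```python
import json, resource, subprocess, sys

# Worker source: runs in a separate process and parses the untrusted payload.
# Only two short string fields are ever written back to the parent.
WORKER = r'''
import json, sys
doc = json.loads(sys.stdin.buffer.read())
out = {k: doc[k][:200] for k in ("title", "description") if isinstance(doc.get(k), str)}
sys.stdout.write(json.dumps(out))
'''

def _limits():
    # Applied in the child before exec: cap CPU time so a parser hang cannot spin forever.
    resource.setrlimit(resource.RLIMIT_CPU, (2, 2))

def parse_preview(untrusted: bytes):
    """Parse link-preview metadata in an isolated worker; return a dict or None."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", WORKER],  # -I: ignore env vars and user site dir
            input=untrusted, capture_output=True, timeout=5, preexec_fn=_limits,
        )
    except subprocess.TimeoutExpired:
        return None
    if proc.returncode != 0:  # worker crashed or raised: drop the message
        return None
    # The parent re-validates the worker's reply instead of trusting it.
    try:
        reply = json.loads(proc.stdout)
    except ValueError:
        return None
    if not isinstance(reply, dict) or not set(reply) <= {"title", "description"}:
        return None
    if not all(isinstance(v, str) and len(v) <= 200 for v in reply.values()):
        return None
    return reply

# Constructed sample inputs (not real iMessage data).
GOOD = b'{"title": "Example", "description": "A page", "script": "ignored"}'
TRUNCATED = b'{"title": "Example", "descr'
NESTED = b"[" * 200000  # deeply nested input that makes the parser fail

if __name__ == "__main__":
    for sample in (GOOD, TRUNCATED, NESTED):
        print(parse_preview(sample))
```

A parser failure of any kind (exception, crash, timeout) costs the parent one dropped message rather than its own integrity.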

Since several security analysts had previously found that the iMessage service did an inadequate job of sanitizing incoming user data, the need for a service such as BlastDoor was evident. In the last three years, there have been several incidents in which security researchers or real-world attackers discovered and exploited iMessage remote code execution (RCE) vulnerabilities to compromise devices by sending a simple email, picture, or video.

In 2019, Groß and fellow security researcher Natalie Silvanovich discovered "zero interaction" flaws in iMessage that could allow attackers to read the contents of files on an iPhone without any notification or message. The BlastDoor service is likely to fix these problems.

Furthermore, Groß stated in the blog post, "Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole."