Unbeknownst to nearly every user, Apple added a new security system to iPhones and iPad upon the release of iOS 14 late last year. The ‘BlastDoor’ security has been in place to protect against potential attacks carried out on the Messages app.
Apple made no mention of ‘BlastDoor’ when iOS 14 launched. However, as reported by ZDNet, Google researcher Samuel Groß discovered the new security system. Groß is working hands-on with Google’s Project Zero security team to identify potential vulnerabilities within any software. He has gone on to breakdown ‘BlastDoor’.
According to Groß, ‘BlastDoor’ is a basic sandbox. The security system operates separately from the rest of the operating system and is able to sift through all untrusted data coming through to the Messages app. Although iOS contains numerous sandbox systems, ‘Blastdoor’ only operates within the Messages app.
Its sole purpose is to take incoming messages and unpack their contents within an isolated environment to identify potential threats. While isolating the message, any potential security attack won’t be able to harm the device’s operating system nor discover the data of the user.
‘BlastDoor’ was created and implemented as a need for a security system that could monitor the Messages app and protect users against brute force attacks. In recent years, security researchers have found that it’s become more common to find remote code execution. Simple text, photo, or video could be sent to a user’s device that could cause irrepressible harm.
In the summer of 2020, a hacking campaign against Al Jazeera journalists began. Groß first caught wind of ‘BlastDoor’ when it was discovered that the attacks weren’t effective on iOS 14. After doing some research, it was discovered that Apple created ‘BlastDoor’, rectifying the need for improved security with its Messages app.
In a blog post, Groß said “Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.”