Apple's iOS operating system is generally considered secure, certainly secure enough for most users most of the time. But in recent years attackers have found a number of flaws that provide entry points into iPhones and iPads. Many of them have been so-called zero-click, or interactionless, attacks that can infect a device without the victim tapping a link or downloading a file that contains malware. Often these weaponized vulnerabilities turned out to be in Apple's messaging app, iMessage. Now it looks as though Apple has had enough: new research shows that the company took iMessage's defenses to a whole new level with iOS 14, released in September.
At the end of December, for example, researchers at the Citizen Lab at the University of Toronto published findings about a summer hacking campaign in which attackers successfully targeted dozens of Al Jazeera journalists with a zero-click iMessage exploit to install NSO Group's infamous Pegasus spyware. Citizen Lab said at the time that it did not believe iOS 14 was vulnerable to the exploit used in the campaign; all of the victims were running iOS 13, which was the current release at the time.
Samuel Groß has investigated zero-click iPhone attacks for a long time, alongside his colleagues on Google's Project Zero bug-hunting team. Last week he detailed three improvements Apple added to iMessage to harden the system and make it much harder for attackers to send malicious messages designed to wreak strategic havoc.
“These changes are probably very close to the best that could have been made given the need for backward compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” Groß wrote on Thursday. “It’s great to see Apple putting aside the resources needed for these kinds of important refactorings to improve end-user security.”
In response to Citizen Lab’s research, Apple said in December that “iOS 14 is a major leap forward in security and offers new protections against these types of attacks.”
iMessage is an obvious target for zero-click attacks for two reasons. First, it is a communication system, which means part of its job is to exchange data with other devices. iMessage is literally designed for interactionless activity; you don’t need to tap anything to receive a text or photo from a contact. Second, iMessage’s full suite of features (integrations with other apps, payment features, even small things like stickers and Memoji) makes it fertile ground for attackers. All of these interconnections and options are convenient for users, but each one adds “attack surface,” that is, more code that an attacker can reach with untrusted input and more potential for weakness.
“iMessage is a service built into every iPhone, so it’s a huge target for sophisticated hackers,” says Johns Hopkins cryptographer Matthew Green. “It also has a ton of bells and whistles, and each of those features is a new opportunity for hackers to find bugs that allow them to take control of your phone. So what this research shows is that Apple knows it and has quietly beefed up the system.”
Groß describes three new protections Apple developed to address iMessage’s security problems at a structural level rather than through Band-Aid fixes. The first, dubbed BlastDoor, is a “sandbox”: essentially a quarantine area, a tightly restricted process in which iMessage can unpack and inspect incoming messages for potentially malicious content before anything is handed to the main iOS environment. A bug in the message parser is then triggered inside that restricted process rather than in one with broad access to the device.
The second new mechanism targets attacks that abuse the shared cache of system libraries. The cache is loaded at a randomized address so that an attacker cannot know in advance where its code lives. Previously, however, iOS only re-randomized the address of the shared cache at reboot, which gave zero-click attackers the opportunity to discover its location by repeated guessing; it’s like taking pictures in the dark until you hit something, and every failed guess still narrows the search because the target does not move. The new protection detects signs of such probing (in practice, repeated crashes of the message-parsing process) and triggers a re-randomization without requiring the user to restart their iPhone, so the attacker’s accumulated knowledge becomes worthless.
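The distinction that matters in the paragraph above is whether library load addresses change for every new process or only at boot. The following script is an added example, not code from the article, from Apple or from Project Zero; it measures this on the machine it runs on by spawning several fresh Python interpreters and reading the address at which each one sees libc’s `getpid`. It assumes a POSIX system with CPython and `ctypes`; the function names are this example’s own.

```python
"""Check whether this platform re-randomizes library load addresses per
process (Linux-style ASLR) or keeps them fixed until reboot (the iOS
shared-cache behaviour described in the article).

Added example, not code from the article, Apple or Project Zero.
Assumes a POSIX system with a CPython interpreter; helper names are ours.
"""
import ctypes
import subprocess
import sys

# Probe run inside each fresh child interpreter: resolve getpid through the
# process's own global symbol namespace (dlopen(NULL)) and print its absolute
# address. That address is the C library's load address plus a fixed offset,
# so it moves exactly when the library is mapped somewhere new.
_CHILD_PROBE = (
    "import ctypes, sys;"
    "libc = ctypes.CDLL(None);"
    "sys.stdout.write(hex(ctypes.cast(libc.getpid, ctypes.c_void_p).value))"
)


def getpid_address_in_this_process():
    """Address of libc's getpid() as mapped into the current process."""
    libc = ctypes.CDLL(None)
    return ctypes.cast(libc.getpid, ctypes.c_void_p).value


def getpid_addresses_in_fresh_processes(count):
    """Spawn `count` fresh interpreters (fork + exec, so each one gets its
    own address-space layout) and collect the address each of them sees."""
    addresses = []
    for _ in range(count):
        proc = subprocess.run(
            [sys.executable, "-c", _CHILD_PROBE],
            capture_output=True,
            text=True,
            check=True,
        )
        addresses.append(int(proc.stdout.strip(), 16))
    return addresses


def classify_randomization(addresses):
    """'per-process' when fresh processes disagree on the load address,
    'per-boot-or-none' when they all agree, which is what an attacker who
    can crash a parser repeatedly hopes to see: the target stays put
    between attempts."""
    return "per-process" if len(set(addresses)) > 1 else "per-boot-or-none"


if __name__ == "__main__":
    addrs = getpid_addresses_in_fresh_processes(5)
    for addr in addrs:
        print(f"getpid @ {addr:#x}")
    print("library randomization:", classify_randomization(addrs))
```

On Linux with ASLR enabled the five addresses normally all differ, so the script reports per-process randomization. A system that slides its system libraries only once per boot reports `per-boot-or-none`, and on such a system each crash an attacker provokes leaks information that stays valid until the next reboot, which is exactly the window the re-randomization described above is meant to close.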