Business Today

Apple iOS 14 has secret security system for iMessage, says Google researcher

The BlastDoor service is meant to work only for iMessage, which is why it is dedicated to reading all the data received as a link

Shubham Verma | January 29, 2021 | Updated 17:42 IST


  • Apple's iOS 14 comes with a sandboxed BlastDoor system.
  • This system works only for iMessage and protects against harmful content.
  • Earlier versions of iOS did not come with as much security.

Apple rolled out iOS 14 last year with several new features, stricter privacy rules, and elements that make the iPhone even smarter. But iOS 14 also comes with a secret sandboxed security system called BlastDoor, a security researcher working with Google's Project Zero team has discovered. The BlastDoor service is responsible for parsing untrusted data in iMessage and works independently from the device's security system, thereby minimising workloads on the operating system. The BlastDoor service can identify harmful content received in iMessages inside its sandbox and protect the device from it.

Security researcher Samuel Groß wrote that the BlastDoor service is written in Swift, which makes it difficult to introduce "classic memory corruption vulnerabilities into the codebase." The BlastDoor service is meant to work only for iMessage, which is why it is dedicated to reading all the data received as a link. When a link is sent using iMessage, "the sending device will first render a preview of the webpage and collect some metadata about it (such as the title and page description)" before that link is packed into an archive. This archive is then encrypted with a temporary key and uploaded directly to iCloud servers. Then, on receiving the link, the decryption happens with the keys sent to the receiver. All of this happens inside the BlastDoor service.

Before BlastDoor was created and rolled out as part of the iOS 14 update, Apple used to check content in iMessages through IMAgent, short for Instant Messaging Agent, which provided privacy and security to Apple's messaging platform. However, it was not as secure as the current BlastDoor sandboxed service, allowing hackers to inject malicious code to obtain private information of the Apple user. "The stronger sandbox of the BlastDoor service, which could prevent the exploitation of a privilege escalation vulnerability after compromising the BlastDoor process," Groß wrote in a blog post.

Apple has secured the iOS platform with the latest iteration, but more than protection against malicious content and elements, iOS 14 focuses on user privacy. With the next update of iOS 14, Apple will require developers to show on-screen prompts asking the user to grant permission before personal identifiers for targeted advertising are enabled. Developers are also required to add nutrition labels to their apps to inform users what data they will collect, share, and keep.

However, Facebook has categorically slammed the new privacy rules because it thinks Apple wants to seize the competition its iMessage faces from Facebook's IM apps. Facebook ran a campaign against Apple, saying the new privacy changes curb the growth of businesses on the social media platform. But in reality, it was a guise that Facebook put on to protect its ad platform. Apple, however, is adamant and moving ahead with the new privacy changes.
