When Apple released iOS 14, the company incorporated a new feature into this version of the operating system aimed at protecting users of the iMessage application against the sending of malicious code that could lead to information theft. However, the Cupertino company had not mentioned this novelty of its OS.
A feature discovered by a Google researcher
Also, it was only a few days ago that we discovered the existence of this feature, called BlastDoor, thanks to a researcher from Project Zero from… Google.
As a reminder, this is an entity within the Mountain View firm whose role is to find flaws in the various services on the web (and not just Google services). Also, it is quite surprising that this January, one of the researchers of this project, Samuel Groß, publishes a blog post to discuss an improvement in the security of iMessage, and not to speak about a vulnerability.
What is BlastDoor?
According to the explanations of Zdnet.com which relay the publication of the Google researcher, BlastDoor is a sandbox. Its role is, in essence, to isolate the processing of messages on iMessage in a secure environment, so that the sending of malicious code hidden in the messages cannot affect the operating system.
When Google congratulates Apple
And while there are already many such secure environments in iOS, BlastDoor is dedicated to iMessage. In his post, Samuel Groß congratulates Apple.
“Overall, these changes are probably very close to the best that could have been made given the need for backward compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.”, did he declare. “It’s great to see Apple setting aside the necessary resources for these kinds of important refactorings to improve end user security. “
Groß says he started to take an interest in iOS 14’s improvements to iMessage security after reading a Citizenlab post. It referred to attacks allegedly carried out by governments to target political dissidents by exploiting an iMessage flaw. But this post also stated that these attacks don’t seem to work with devices running iOS 14.
It should also be noted that in 2019, Google’s Project Zero had already find a flaw in iMessage that allowed to take control of the target’s data by simply sending a message.