Skip to main content

Apple iOS 14 introduces BlastDoor Sandbox security system to iMessage

In the past, there have been various instances where security researchers revealed that a “string of texts” received over SMS could crash your phone or worse, send it into a boot-loop. These kinds of exploits have been reported at least once every year for both iOS and Android smartphones but turns out, iOS 14 has a way to thwarting these kinds of exploits for good, thanks to a system called BlastDoor.

Discovered by a Google Project Zero researched named Samuel Groß, BlastDoor works by parsing all the data contained in an iMessage in a secure sandbox, isolated from the rest of the operating system. By doing so, the contents of the iMessage, if nefarious, won’t have an impact on the OS. All apps installed on an iOS device exist in their own sandboxes, which governed by very tight policies. The BlastDoor sandbox for iMessage has been designed to thwart most exploits which either use brute force or exploit the shared cache on iOS.  Groß says he found the existence of BlastDoor when investigating a hacking campaign against Al Jazeera journalists. There were instances where the hacks did not work and the common thread appeared to be the fact that they were running iOS 14 on their iPhones.

While BlastDoor sandbox definitely makes iMessage more secure, it does not do much for the traditional SMS. Last year in April 2020, a text-based exploit was discovered which could be initiated via a normal SMS. A string of characters written in Sindhi when received as an SMS would freeze iOS completely, rendering the person’s iPhone/iPad completely useless till the OS would crash, and the device could be rebooted. This was due to a bug in iOS, one which Apple has since fixed, but it highlights how the short messaging service format is still a likely vector for delivering exploits.

Messaging apps have been a popular point of intrusion into smartphones for several years now. We’ve seen text message string crash phones, brick them permanently, lock them temporarily, and in one case, even serve as a means of gaining full access to the device. The now infamous Pegasus used a vulnerability in WhatsApp, allowing the hacker full access to a target smartphone, all done remotely. The BlastDoor sandbox for iMessage introduced in iOS14 should prevent some, if not all intrusion and malicious events.



from Latest Technology News https://ift.tt/36nuZin
Labels:

Comments

Post a Comment

Popular posts from this blog

What if a botched Google search card says you are a serial killer

Many of us have come to heavily rely on Google Search and often don’t question the veracity of information Google cherry-picks from the vast data available on the world wide web for its search cards. This incident, which is one part funny and two parts scary, makes it clear that Google’s Knowlege Graph may not be as sacrosanct as you may have believed.  Hristo Georgiev was informed by a former colleague that a Google search of his name returned a Google Knowlege Graph that depicted his photo and linked it to a Bulgarian rapist and serial killer of the same name, also known as ‘The Sadist’, who murdered five people back in the 1970s and was later executed by shooting.  The graph linked the info to a Wikipedia article, which incidentally had no link to any of Georgiev’s profile or his image. It was Google’s algorithms that erroneously matched the two. What’s even more problematic is that Hristo Georgiev is not a unique name and is shared by hundreds of other people.  As...
Post a Comment
Read more

MWC 2023: A comparison of the top 4 Xiaomi 13 vs Xiaomi 13 Pro features

Xiaomi launched the Xiaomi 13 and Xiaomi 13 Pro globally a day before MWC 2023. And if you are planning to buy a new Xiaomi flagship phone, you may need clarity on the Xiaomi 13 and Xiaomi 13 Pro differences. The latter is the bigger, better, and pricier model of the two.  So, what we will be doing here is comparing the specs, features and price of these two phones and finding out which one better fits your bill. Xiaomi 13 vs Xiaomi 13 Pro comparison These differences between Xiaomi 13 and Xiaomi 13 Pro might affect your buying decision. We will be comparing the two Xiaomi phones based on their design, display, performance factors, battery, camera, and price. 1. Design Xiaomi 13 Pro is slightly thicker and heavier than Xiaomi 13. It comes with Gorilla Glass Victus protection on the front and a ceramic back option. 2. Display Xiaomi 13 Pro has got a curvy-edged display whilst the regular 13 has a flat front panel. The Pro model has an LTPO screen which means an adaptive refres...
Post a Comment
Read more