This week there was the launch in Spain of iOS 14.4, an update that initially did not seem very important, as it only included some improvements in the iPhone's camera and the solution to some problems.

However, just a few hours later the true importance of this update was revealed, when it was revealed that Apple had corrected three errors in iOS that put users at risk.

But it turns out that was just the beginning. Samuel Groß, a researcher belonging to Google's Project Zero, the elite team dedicated to finding security holes, has discovered that iOS 14 actually completely changes the security of the system.

iOS protection

This is a new functionality, which has not been officially announced by Apple but is already available on all updated devices to block malicious messages; especially those that include code that allows the device to be hacked.

Groß has called this functionality BlastDoor, and it is a sandbox, a safe space in which programs can be executed without affecting the operating system. The idea is that the code is executed in a controlled environment, in such a way that if try something troublesome, unable to access user data or change device settings.

How Blastdoor Works, iOS Message Protection Project ZeroOmicrono

Many systems and applications have something similar to a sandbox to protect their code. The most famous case is perhaps that of Google Chrome, which ten years ago introduced a function that isolates each tab separately to prevent them from accessing the rest's data.

Sandbox for messages

Apple's implementation is responsible for obtaining new messages that arrive in the iOS Messages app (iMessages in English) and unpacking its content in an environment isolated from the rest.

In this way, if the message has code that is executed when opening the message, it will not be able to do anything, neither get our data nor interact with the operating system. For all practical purposes, this makes the attack completely harmless, and the user will be completely protected.

Everything indicates that Apple has implemented this functionality in response to the appearance of new types of attacks based on sending malicious messages. Specifically, at the end of 2020 it was discovered that a bug in the system allowed the espionage of journalists just by sending a text message.

The attackers took advantage of a vulnerability in the iOS Messages app, and Groß decided to investigate iOS 14 when he learned that the attack no longer worked in the latest version.

It is not clear why Apple has not made this system public, considering that it represents a clear improvement in security. It may be to avoid drawing attention to the fact that mobiles that are still using iOS 13 or lower are still vulnerable.

It may interest you...

Follow the topics that interest you