Really interesting (albeit highly technical) look from Google security researcher Samuel Groß at a new iMessage protection scheme that Apple introduced in iOS 14:
As can be seen, the majority of the processing of complex, untrusted data has been moved into the new BlastDoor service. Furthermore, this design with its 7+ involved services allows fine-grained sandboxing rules to be applied, for example, only the IMTransferAgent and apsd processes are required to perform network operations. As such, all services in this pipeline are now properly sandboxed (with the BlastDoor service arguably being sandboxed the strongest).
In short, iMessage now has a custom security protocol that makes it harder for malicious messages (a known attack vector in earlier versions of iMessage) to compromise the whole system, while also keeping the service backwards compatible with devices running on earlier OS versions. Impressive work from Apple that’s all essentially happening invisibly to the end user.
—Linked by Dan Moren
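The separation the quoted passage describes, shown here as an added example that is not Apple's or the researcher's code: the untrusted parsing runs in a throwaway worker process under a CPU limit, and the trusted side accepts only a validated, bounded result back, so a crash or exception in the parser ends the worker rather than the caller. The toy message format, the function names and the allowed keys are constructed for this example; a real sandbox such as BlastDoor additionally denies network and most file-system access, which a plain fork does not.

```python
import json, os, resource, select, signal

# Constructed toy format "key=value;key=value", standing in for real message data.
ALLOWED_KEYS = {"sender", "subject", "body"}

def parse_message(raw):
    """Untrusted parser; only ever runs inside the throwaway worker process."""
    fields = {}
    for part in raw.decode("utf-8").split(";"):  # UnicodeDecodeError on bad bytes
        key, value = part.split("=", 1)          # ValueError on a malformed part
        fields[key] = value
    return fields

def validate(result):
    """Trusted side: accept only a small, bounded shape back from the worker."""
    if not isinstance(result, dict) or set(result) - ALLOWED_KEYS:
        return None
    if not all(isinstance(v, str) and len(v) <= 1024 for v in result.values()):
        return None
    return result

def parse_isolated(raw, timeout=5.0):
    """Parse `raw` in a forked worker so a crash, hang or exception there
    never reaches the caller. Returns validated fields, or None on failure."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:                                      # worker process
        os.close(rfd)
        try:
            resource.setrlimit(resource.RLIMIT_CPU, (2, 2))  # cap CPU time
            os.write(wfd, json.dumps(parse_message(raw)).encode())
            os._exit(0)
        except BaseException:
            os._exit(1)                               # failure ends only the worker
    os.close(wfd)
    data = b""
    ready, _, _ = select.select([rfd], [], [], timeout)
    if not ready:
        os.kill(pid, signal.SIGKILL)                  # hung worker: kill it
    else:
        while chunk := os.read(rfd, 65536):
            data += chunk
    os.close(rfd)
    _, status = os.waitpid(pid, 0)
    if not (ready and os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0):
        return None
    try:
        return validate(json.loads(data))
    except ValueError:
        return None
```

The worker's output is treated as untrusted as well: unexpected keys, non-string values or oversized fields are rejected on the trusted side instead of being passed on.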