iMessage in iOS 14 has a major upgrade over previous versions, taking security to an all-new level.
With more than 1 billion iPhones, Apple’s iMessage is one of the most popular messaging platforms on the market. As a result, it’s a popular target for hackers and bad actors looking for an attack vector.
It appears Apple has taken a significant step toward protecting iMessage users in iOS 14, adding a behind-the-scenes feature called BlastDoor, first noticed by Samuel Groß, a security researcher with Google’s Project Zero, and reported on by ZDNet.
BlastDoor unpacks a received message and all its contents in a safe, secure silo. This allows the the message to be opened and viewed without it being able to access the underlying system, user data or anything that could allow it to post a threat.
Groß seems confident the changes will be a net positive for iMessage security and should help reduce iMessage exploits.
Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole. It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.
