web analytics
Home » Technology » Apple » Apple Leverages Zero-click Attacks Via Messages In iOS

Apple Leverages Zero-click Attacks Via Messages In iOS

group chat

London, UK - July 19, 2018: The buttons of Whatsapp, Messenger, Telegram, Pinterest Twitter, Facetime and other chat apps on the screen of an iPhone.

The introduction of the new technology called “BlastDoor” has been quietly implemented by Apple. However, it is deeply anchored in iOS 14, so that it can be assumed that the company simply did not want to talk about the matter in greater detail – especially not at the official presentation of the new operating system version. Discovered was the matter of security researcher Samuel Gross, who is responsible for Google Project Zero for iPhone exploits and attacks via Messenger.

So-called zero-click attacks via message services have been a popular attack vector for some time. All that is needed here is an unpatched vulnerability in the messenger to gain access to the system. This method is usually more suitable than a similar attempt via e-mail since messengers are active on significantly more smartphones at shorter intervals and thus malware can spread more efficiently.

New hurdles on many levels

However, as a rule, entire chains of the exploit are required that exploit several vulnerabilities in combination in order to be successful. Most of the time, the attacks run via insecure memory areas, through which malicious code can then be smuggled into the system without the need for interaction with the user or a message from the system.

Read More: Apple Mail Vulnerabilities Found Could Lead To Attacks On iPhone Users

And BlastDoor puts a pretty heavy stop to that. Incoming iMessage messages are subjected to a multi-stage check by the technology. In addition, Apple integrates procedures that can better identify problematic storage areas and place them under special observation. The main aim here is to prevent new brute force attempts to circumvent Address Space Layout Randomization (ASLR) from being intercepted.

According to Grob, however, BlastDoor makes all levels that normally belong to zero-click attacks much more difficult. Attackers not only have to overcome an additional hurdle here, but they also have to penetrate a whole network of new protective measures. The security researcher certifies that Apple is using what is probably the best method that is possible if you also have to consider things like downward compatibility.