iOS 14 Features New 'BlastDoor' Messages Security System

by

iOS 14 added a new "BlastDoor" sandbox security system to iPhones and iPads to prevent attacks carried out with the Messages app. Apple didn't share information on the new security addition, but it was explained today by Samuel Groß, a security researcher with Google's Project Zero, and highlighted by ZDNet.

messages pinned conversations ios 14
Groß describes BlastDoor as a tightly sandboxed service that's responsible for parsing all of the untrusted data in iMessages. A sandbox is a security service that executes code separately from the OS, and this one operates within the Messages app.

BlastDoor takes a look at all incoming messages and inspects their content in a secure environment, which prevents any malicious code inside of a message from interacting with iOS or accessing user data.

project zero blastdoor

As can be seen, the majority of the processing of complex, untrusted data has been moved into the new BlastDoor service. Furthermore, this design with its 7+ involved services allows fine-grained sandboxing rules to be applied, for example, only the IMTransferAgent and apsd processes are required to perform network operations. As such, all services in this pipeline are now properly sandboxed (with the BlastDoor service arguably being sandboxed the strongest).

The feature has been designed to thwart specific attack types, such as those where hackers used shared cache or brute force attacks. As ZDNet points out, security researchers have been finding iMessage remote code execution bugs over the past few years that could allow an iPhone to be infiltrated with just a text, which BlastDoor should address.

Groß found the new iOS 14 feature after investigating a Messages hacking campaign that targeted Al Jazeera journalists. The attack wasn't working in iOS 14, and investigating why led to his discovery of BlastDoor.

According to Groß, Apple's BlastDoor changes are "close to the best that could've been done given the need for backwards compatibility," and will make the iMessage platform significantly more secure.

This blog post discussed three improvements in iOS 14 affecting iMessage security: the BlastDoor service, resliding of the shared cache, and exponential throttling. Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.

It's great to see Apple putting aside the resources for these kinds of large refactorings to improve end users' security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.

Those interested in the full rundown on how BlastDoor works can visit the Project Zero blog post on the subject.

Popular Stories

Beyond iPhone 13 Better Triad

Apple's 20th Anniversary iPhone May Finally Go All Screen

Tuesday April 15, 2025 6:31 am PDT by
Apple is preparing a "bold" new iPhone Pro model for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. As part of what's being described as a "major shake-up," Apple is said to be developing a design that makes more extensive use of glass – and this could point directly to the display itself. Here's the case for Apple releasing a truly all-screen iPhone with no...
Read Full Article86 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

iPhone 17 Pro Launching Later This Year With These 12 New Features

Sunday April 13, 2025 7:52 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article129 comments
iOS 19 Roundup Feature

iOS 19 Will Add These New Features to Your iPhone

Tuesday April 15, 2025 7:37 am PDT by
The first iOS 19 beta is less than two months away, and there are already a handful of new features that are expected with the update. Apple should release the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September. Below, we recap the key...
Read Full Article33 comments
CarPlay Hero

Apple Releases Wireless CarPlay Fix

Wednesday April 16, 2025 11:28 am PDT by
If you have been experiencing issues with wireless CarPlay in your vehicle lately, it was likely due to a software bug that has now been fixed. Apple released iOS 18.4.1 today, and the update's release notes say it "addresses a rare issue that prevents wireless CarPlay connection in certain vehicles." If wireless CarPlay was acting up for you, updating your iPhone to iOS 18.4.1 should...
Read Full Article70 comments
iphone 16 pro models 1

17 Reasons to Wait for the iPhone 17

Thursday April 17, 2025 4:12 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you skipped the iPhone...
Read Full Article82 comments
Apple 2025 Thumb 1

10 Products Still Coming From Apple in 2025

Friday April 11, 2025 4:14 pm PDT by
Apple may have updated several iPads and Macs late last year and early this year, but there are still multiple new devices that we're looking forward to seeing in 2025. Most will come in September or October, but there could be a few surprises before then. We've rounded up a list of everything that we're still waiting to see from Apple in 2025. iPhone 17, 17 Air, and 17 Pro - We get...
Read Full Article60 comments
iOS 18

Apple Releases iOS 18.4.1 With Bug Fixes

Wednesday April 16, 2025 10:11 am PDT by
Apple today released iOS 18.4.1 and iPadOS 18.4.1, minor updates to the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.4.1 and iPadOS 18.4.1 come two weeks after the launch of iOS 18.4 and iPadOS 18.4. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. There have been complaints about ...
Read Full Article40 comments
iPhone 6s MacRumors YouTube

Apple Says These Products Are Now Vintage

Tuesday April 15, 2025 9:53 am PDT by
Apple today updated its vintage products list to add the 2018 Mac mini and the iPhone 6s, devices that will get more limited service and repairs now that they are considered vintage. The iPhone 6s initially launched in 2015, but Apple kept it around as a low-cost device until 2018, which is why it is only now being added to the vintage list. The iPhone 6s had Apple's A9 chip, and it was...
Read Full Article77 comments
macOS Sequoia Feature

Apple Releases macOS Sequoia 15.4.1 With Bug Fixes

Wednesday April 16, 2025 10:16 am PDT by
Apple today released macOS Sequoia 15.4.1, a minor update to the macOS Sequoia operating system that launched in September. macOS Sequoia 15.4.1 comes two weeks after the launch of macOS Sequoia 15.4. Mac users can download the ‌‌macOS Sequoia‌‌ update through the Software Update section of System Settings. It is available for free on all Macs able to run macOS 15. According to...
Read Full Article40 comments

Top Rated Comments

Brandon42 Avatar
Brandon42
55 months ago

How am I really suppose to trust that my messages aren't being passed through a government server ??
I checked with the FBI van that always parks outside and they say you can trust the government in this situation.
Score: 44 Votes (Like | Disagree)
7149041 Avatar
7149041
55 months ago

So yeah, your messages are already on a govt server, before they hit your iPhone or any phone.
Not with end to end encryption, they aren't - which is why everyone should care about that. And why govts are slowly gearing up to outlaw "unbreakable" encryption.
Score: 15 Votes (Like | Disagree)
Osamede Avatar
Osamede
55 months ago

How am I really suppose to trust that my messages aren't being passed through a government server ??
Snowden is stuck in exile and still no one seems to grasp what he revealed that got him in trouble: the government ( or a least the government where he was from) collects ALL your data, everybody’s data, period.

So yeah, your messages are already on a govt server, before they hit your iPhone or any phone.
Score: 12 Votes (Like | Disagree)
cmaier Avatar
cmaier
55 months ago

Hopefully not. No point in giving bad actors any kind of advantage in defeating iOS security.
Security through obscurity is not a good strategy
Score: 12 Votes (Like | Disagree)
coolfactor Avatar
coolfactor
55 months ago
I love the fun names that Apple comes up with for these features.
Score: 8 Votes (Like | Disagree)
hot-gril Avatar
hot-gril
55 months ago

Not with end to end encryption, they aren't - which is why everyone should care about that. And why govts are slowly gearing up to outlaw "unbreakable" encryption.
We have low visibility into Apple's code, and even if it were open src, we'd not know whether their servers are always giving us the correct identities for others we message. Also, if your messages are backed up on iCloud, that's not e2ee'd, according to Apple.

Not to sound paranoid. I use it anyway. It's just not airtight.
Score: 6 Votes (Like | Disagree)
Read All Comments