iOS 14 Features New 'BlastDoor' Messages Security System

iOS 14 added a new "BlastDoor" sandbox security system to iPhones and iPads to prevent attacks carried out with the Messages app. Apple didn't share information on the new security addition, but it was explained today by Samuel Groß, a security researcher with Google's Project Zero, and highlighted by ZDNet.

Groß describes BlastDoor as a tightly sandboxed service that's responsible for parsing all of the untrusted data in iMessages. A sandbox is a security service that executes code separately from the OS, and this one operates within the Messages app.

BlastDoor takes a look at all incoming messages and inspects their content in a secure environment, which prevents any malicious code inside of a message from interacting with iOS or accessing user data.

As can be seen, the majority of the processing of complex, untrusted data has been moved into the new BlastDoor service. Furthermore, this design with its 7+ involved services allows fine-grained sandboxing rules to be applied, for example, only the IMTransferAgent and apsd processes are required to perform network operations. As such, all services in this pipeline are now properly sandboxed (with the BlastDoor service arguably being sandboxed the strongest).

The feature has been designed to thwart specific attack types, such as those where hackers used shared cache or brute force attacks. As ZDNet points out, security researchers have been finding iMessage remote code execution bugs over the past few years that could allow an iPhone to be infiltrated with just a text, which BlastDoor should address.

Groß found the new iOS 14 feature after investigating a Messages hacking campaign that targeted Al Jazeera journalists. The attack wasn't working in iOS 14, and investigating why led to his discovery of BlastDoor.

According to Groß, Apple's BlastDoor changes are "close to the best that could've been done given the need for backwards compatibility," and will make the iMessage platform significantly more secure.

This blog post discussed three improvements in iOS 14 affecting iMessage security: the BlastDoor service, resliding of the shared cache, and exponential throttling. Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.

It's great to see Apple putting aside the resources for these kinds of large refactorings to improve end users' security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.

Those interested in the full rundown on how BlastDoor works can visit the Project Zero blog post on the subject.

Top Rated Comments

Brandon42
57 months ago

How am I really supposed to trust that my messages aren't being passed through a government server ??
I checked with the FBI van that always parks outside and they say you can trust the government in this situation.
Score: 44 Votes
7149041
57 months ago

So yeah, your messages are already on a govt server, before they hit your iPhone or any phone.
Not with end to end encryption, they aren't - which is why everyone should care about that. And why govts are slowly gearing up to outlaw "unbreakable" encryption.
Score: 15 Votes
Osamede
57 months ago

How am I really supposed to trust that my messages aren't being passed through a government server ??
Snowden is stuck in exile and still no one seems to grasp what he revealed that got him in trouble: the government (or at least the government where he was from) collects ALL your data, everybody’s data, period.

So yeah, your messages are already on a govt server, before they hit your iPhone or any phone.
Score: 12 Votes
cmaier
57 months ago

Hopefully not. No point in giving bad actors any kind of advantage in defeating iOS security.
Security through obscurity is not a good strategy
Score: 12 Votes
coolfactor
57 months ago
I love the fun names that Apple comes up with for these features.
Score: 8 Votes
hot-gril
57 months ago

Not with end to end encryption, they aren't - which is why everyone should care about that. And why govts are slowly gearing up to outlaw "unbreakable" encryption.
We have low visibility into Apple's code, and even if it were open src, we'd not know whether their servers are always giving us the correct identities for others we message. Also, if your messages are backed up on iCloud, that's not e2ee'd, according to Apple.

Not to sound paranoid. I use it anyway. It's just not airtight.
Score: 6 Votes