iOS 14 Features New 'BlastDoor' Messages Security System

by

iOS 14 added a new "BlastDoor" sandbox security system to iPhones and iPads to prevent attacks carried out with the Messages app. Apple didn't share information on the new security addition, but it was explained today by Samuel Groß, a security researcher with Google's Project Zero, and highlighted by ZDNet.

messages pinned conversations ios 14
Groß describes BlastDoor as a tightly sandboxed service that's responsible for parsing all of the untrusted data in iMessages. A sandbox is a security service that executes code separately from the OS, and this one operates within the Messages app.

BlastDoor takes a look at all incoming messages and inspects their content in a secure environment, which prevents any malicious code inside of a message from interacting with iOS or accessing user data.

project zero blastdoor

As can be seen, the majority of the processing of complex, untrusted data has been moved into the new BlastDoor service. Furthermore, this design with its 7+ involved services allows fine-grained sandboxing rules to be applied, for example, only the IMTransferAgent and apsd processes are required to perform network operations. As such, all services in this pipeline are now properly sandboxed (with the BlastDoor service arguably being sandboxed the strongest).

The feature has been designed to thwart specific attack types, such as those where hackers used shared cache or brute force attacks. As ZDNet points out, security researchers have been finding iMessage remote code execution bugs over the past few years that could allow an iPhone to be infiltrated with just a text, which BlastDoor should address.

Groß found the new iOS 14 feature after investigating a Messages hacking campaign that targeted Al Jazeera journalists. The attack wasn't working in iOS 14, and investigating why led to his discovery of BlastDoor.

According to Groß, Apple's BlastDoor changes are "close to the best that could've been done given the need for backwards compatibility," and will make the iMessage platform significantly more secure.

This blog post discussed three improvements in iOS 14 affecting iMessage security: the BlastDoor service, resliding of the shared cache, and exponential throttling. Overall, these changes are probably very close to the best that could've been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.

It's great to see Apple putting aside the resources for these kinds of large refactorings to improve end users' security. Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.

Those interested in the full rundown on how BlastDoor works can visit the Project Zero blog post on the subject.

Popular Stories

Apple Watch Ultra 2 Complications

Apple Watch Ultra 3 Just Weeks Away: Eight Reasons to Upgrade

Wednesday August 20, 2025 6:44 am PDT by
We're only weeks away from Apple's annual iPhone event – rumored to take place on September 9 – and along with the new iPhone 17 series, we're going to get a new version of the Apple Watch Ultra for the first time since 2023. By the time the Ultra 3 is unveiled, it will have been two years since the previous model arrived. The intervening period has left plenty of room for enhancements,...
Read Full Article69 comments
apple wallet drivers license feature iPhone 15 pro

iPhone Driver's Licenses in Apple Wallet Now Available in 10 U.S. States

Wednesday August 20, 2025 12:00 pm PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. This week, Apple announced the 10th U.S. state that has implemented the feature: Montana. Below, we have recapped key details about...
Read Full Article67 comments
airpods pro 2 green

Apple Releases New Beta Firmware for AirPods Pro 2 and AirPods 4

Tuesday August 19, 2025 11:25 am PDT by
Apple today provided developers with updated beta firmware for the AirPods Pro 2 and AirPods 4, allowing them to test the new AirPods features in iOS 26, iPadOS 26, and macOS Tahoe. The firmware is only available to developers at the current time, and a device running iOS 26, iPadOS 26, or macOS 26 is required to install the update. The firmware has a build number of 8A5343a, up from 8A5324b. ...
Read Full Article27 comments
Generic iOS 18

iOS 18.6.2 Update Coming Soon for iPhones

Tuesday August 19, 2025 9:29 am PDT by
Apple's software engineers are testing iOS 18.6.2, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions. Yesterday, an anonymous source with a proven track record said iOS 18.6.2 was incoming, but the update was not present in our logs at that time. Last year, the same anonymous source claimed that iOS 17.5.2 was in the pipeline, but Apple ...
Read Full Article24 comments
TechWoven

Apple Rumored to Launch 'TechWoven' Cases for iPhone 17 With 'Crossbody Strap' Option

Wednesday August 20, 2025 8:21 am PDT by
Apple is planning to launch a new "TechWoven" line of cases for the iPhone 17 series, according to a leaker known as "Majin Bu." Two years ago, Apple stopped selling leather iPhone cases, as part of the company's efforts to reduce its carbon emissions. As an alternative, Apple introduced a new "FineWoven" line of fabric iPhone cases made from 68% post-consumer recycled content, but they were ...
Read Full Article145 comments
iOS 26 Feature

Here's Everything New in iOS 26 Beta 7

Monday August 18, 2025 11:59 am PDT by
The seventh developer beta of iOS 26 is now available. While we are now in the later stages of the iOS 26 beta cycle, there are still some changes. Below, we outline everything new that we have found in iOS 26 beta 7 so far. Redesigned Blood Oxygen Feature The seventh developer betas of iOS 26 and watchOS 26 include a redesigned Blood Oxygen feature on Apple Watch Series 9, Apple Watch ...
Read Full Article56 comments
Home Hub Command Center with Dome Base Feature

Apple Working on All-New Operating System

Saturday August 16, 2025 6:45 am PDT by
Apple is developing an all-new operating system codenamed "Charismatic," according to Bloomberg's Mark Gurman. Apple smart home hub concept This is likely Apple's long-rumored "homeOS" operating system. In a report this week, Gurman said both Apple's rumored smart home hub in 2026 and tabletop robot in 2027 will run the new operating system. He said the software platform will blend...
Read Full Article128 comments
Apple Card iPhone 16 Pro Feature

Apple Card Turns Six With Big Change Ahead

Tuesday August 19, 2025 2:26 pm PDT by
Tomorrow marks the sixth anniversary of the Apple Card becoming widely available in the U.S., following a more limited preview period. Apple's credit card can be managed in the iPhone's Wallet app, with key benefits including color-coded spending summaries, no fees, and Daily Cash cash back paid out daily. Apple Card holders can also open a high-yield savings account. The anniversary...
Read Full Article102 comments

Top Rated Comments

Brandon42 Avatar
Brandon42
60 months ago

How am I really suppose to trust that my messages aren't being passed through a government server ??
I checked with the FBI van that always parks outside and they say you can trust the government in this situation.
Score: 44 Votes (Like | Disagree)
7149041 Avatar
7149041
60 months ago

So yeah, your messages are already on a govt server, before they hit your iPhone or any phone.
Not with end to end encryption, they aren't - which is why everyone should care about that. And why govts are slowly gearing up to outlaw "unbreakable" encryption.
Score: 15 Votes (Like | Disagree)
Osamede Avatar
Osamede
60 months ago

How am I really suppose to trust that my messages aren't being passed through a government server ??
Snowden is stuck in exile and still no one seems to grasp what he revealed that got him in trouble: the government ( or a least the government where he was from) collects ALL your data, everybody’s data, period.

So yeah, your messages are already on a govt server, before they hit your iPhone or any phone.
Score: 12 Votes (Like | Disagree)
cmaier Avatar
cmaier
60 months ago

Hopefully not. No point in giving bad actors any kind of advantage in defeating iOS security.
Security through obscurity is not a good strategy
Score: 12 Votes (Like | Disagree)
coolfactor Avatar
coolfactor
60 months ago
I love the fun names that Apple comes up with for these features.
Score: 8 Votes (Like | Disagree)
hot-gril Avatar
hot-gril
60 months ago

Not with end to end encryption, they aren't - which is why everyone should care about that. And why govts are slowly gearing up to outlaw "unbreakable" encryption.
We have low visibility into Apple's code, and even if it were open src, we'd not know whether their servers are always giving us the correct identities for others we message. Also, if your messages are backed up on iCloud, that's not e2ee'd, according to Apple.

Not to sound paranoid. I use it anyway. It's just not airtight.
Score: 6 Votes (Like | Disagree)
Read All Comments