Apple has added a ‘BlastDoor’ security feature across its operating systems to battle hacks into its devices via incoming iMessages.
The “BlastDoor” feature processes incoming iMessage traffic and only passes on safe data to the rest of an Apple device’s operating system, company officials said in a briefing.
Starting in 2016, a team of former U.S. government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders, Reuters reported here in 2019. Using a sophisticated spying tool called Karma, which relied on a flaw in Apple’s iMessage system, they accessed iPhones without requiring the targets to click on anything to establish a connection. A new wave of attacks last year used similar tools to target journalists at Al Jazeera.
While largely invisible to users, BlastDoor is present on iOS 14, the most recent version of Apple’s iPhone operating system, and systems for all its other devices, company officials said.
Apple held the briefing around the release of its annual security guide for cybersecurity researchers.
The latest update included new details on how many security features long found in iPhones are being brought over to Apple’s Mac computer line, which in November began to integrate custom-designed processor chips after more than a decade of relying on Intel Corp processors.
MacDailyNews Take: In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal iPhones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked.
The phones were compromised using an exploit chain that Citizen Lab calls KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11.
Citizen Lab does not believe that KISMET works against iOS 14.x, as Apple’s latest iOS version includes new security protections.
This is yet another reason to keep your devices’ operating systems up-to-date at all times.