Even though Apple works very hard to make sure that the iPhone and iPad are some of the most secure consumer devices on the planet, it’s a constant cat-and-mouse game as hackers always find new loopholes and exploits to get into the iOS operating system in unanticipated ways. Now, however, it looks like Apple is making some pretty big sweeping steps in iOS 14.5 to lock the whole system down even further.
In fact, Apple has already been taking steps to harden iOS 14 against one of the most common exploits — iMessage vulnerabilities — thanks to a very cool new technology dubbed ‘Blastdoor’. However, it looks like Blastdoor was only the beginning, with iOS 14.5 adding some new defences against “zero-click” attacks in general.
The discovery, first reported by Motherboard, actually has hackers and other “security researchers” who look for ways to exploit iOS to their advantage scrambling to find alternatives, and in fact almost all of them agree that it’s going to make the process of compromising iOS devices much, much harder — which is of course a very good thing for the rest of us.
As the name implies, a “zero-click attack” is a method by which hackers can take advantage of security vulnerabilities to get into your iPhone or iPad without requiring any interaction on your part.
This differs from most malware, which usually comes as a result of the user clicking on something they shouldn’t have. Even most text message scams are predicated entirely on trying to lure, or “socially engineer,” the unsuspecting user into clicking a link, either in the hope that they’ve won something or out of fear that there may be consequences if they don’t click it.
While in some cases, these links simply lead to scam sites that try to convince you to give up money or personal information, in many others they can actually run code that could let hackers get into your iPhone in some way.
However, even two years ago, Google’s Project Zero team discovered a big flaw in iOS 12.3: an “interactionless” vulnerability that required a user to do little more than glance at a received text message to execute malicious code on their device. Apple patched that flaw rapidly in iOS 12.4, and there’s no evidence that it was exploited before then, but it gives a pretty good idea of how dangerous some of these exploits can be.
Hardening the iPhone
As we saw with Blastdoor, it appears that Apple has finally grown tired of taking a purely reactive, or defensive approach when it comes to these kinds of vulnerabilities, and it’s going on the offensive by rearchitecting iOS in ways that will make it considerably more difficult for these kinds of exploits to even exist in the first place.
While the changes are very technical and likely of meaningful interest only to developers, security researchers, and hackers, they involve requiring cryptographic authentication of anything that could be used to point to other sections of memory before iOS will trust it, so that a tampered pointer can no longer trick iOS into running code from wherever it now points.
Apple has architected iOS to keep programs running in their own isolated areas, or “sandboxes.” These areas are protected so that no matter how nefarious the code is within a given app, it can only affect its own sandbox — it can’t touch other apps, overwrite data elsewhere, or crash the entire system.
Traditionally, most exploits have involved hackers figuring out a way to escape from those areas so that they can run their malicious code elsewhere in the system, where it can get access to data and resources that should normally be off-limits, or where it can simply do more damage.
To use a slightly imperfect analogy, it’s the equivalent of an armed prisoner escaping from their cell. In the past, Apple has focused on how these prisoners have escaped, and closed up each of the methods used after the fact, preventing them from being used again by other prisoners.
Now, however, Apple has decided to lock things down proactively by making sure that any armaments that a prisoner would use are rendered inert unless they’re validated by the system. It’s like some sci-fi movies where police or soldiers have weapons that can only be used with their own biosignatures.
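To make the idea of “armaments rendered inert unless validated” concrete, here is an added, constructed C sketch of cryptographically tagging a pointer so that a pointer whose address has been rewritten without the key fails validation before it is followed. It is not Apple’s code and not the hardware mechanism itself; the key, addresses and context values are all made up for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sketch of pointer authentication: a secret key is mixed with a
 * pointer's address and a context value to make a 16-bit tag stored in the
 * otherwise unused high bits of the pointer. Code must verify the tag before
 * following the pointer. Not Apple's implementation, just the idea in C. */
#define TAG_SHIFT 48
#define TAG_MASK  (0xFFFFULL << TAG_SHIFT)

/* Constructed key. A real system keeps it per process and out of reach of
 * user-mode code; here it is a constant so the example runs anywhere. */
static const uint64_t KEY = 0x5f1d3c9b7a2e4d60ULL;

static uint64_t mix(uint64_t x) {            /* splitmix64 finaliser */
    x ^= x >> 30; x *= 0xbf58476d1ce4e5b9ULL;
    x ^= x >> 27; x *= 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

static uint64_t tag_of(uint64_t addr, uint64_t context) {
    return mix(addr ^ mix(KEY ^ context)) >> TAG_SHIFT;   /* top 16 bits */
}

/* Sign: attach the tag for this address and context. */
uint64_t sign_ptr(uint64_t addr, uint64_t context) {
    addr &= ~TAG_MASK;
    return addr | (tag_of(addr, context) << TAG_SHIFT);
}

/* Authenticate: return the bare address if the tag matches, else 0. */
uint64_t auth_ptr(uint64_t signed_ptr, uint64_t context) {
    uint64_t addr = signed_ptr & ~TAG_MASK;
    uint64_t tag  = signed_ptr >> TAG_SHIFT;
    return tag == tag_of(addr, context) ? addr : 0;
}

/* Simulate corruption that rewrites the address bits but cannot recompute the
 * tag (the key is unknown). Returns how many of n rewritten pointers are
 * rejected; all but rare 1-in-65536 tag collisions should be. */
int count_rejected_rewrites(int n) {
    uint64_t ctx = 7;                        /* constructed context value */
    uint64_t good = sign_ptr(0x100000ULL, ctx);
    int rejected = 0;
    for (int i = 1; i <= n; i++) {
        uint64_t forged = (good & TAG_MASK) | (0x200000ULL + 16ULL * i);
        if (auth_ptr(forged, ctx) == 0) rejected++;
    }
    return rejected;
}

int main(void) {
    uint64_t p = sign_ptr(0x100000ULL, 7);
    printf("signed %#llx -> auth %#llx\n", (unsigned long long)p,
           (unsigned long long)auth_ptr(p, 7));
    printf("rejected %d of 256 rewritten pointers\n", count_rejected_rewrites(256));
    return 0;
}
```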
‘Some Techniques Irretrievably Lost’
Technical details aside, what’s significant here is that Motherboard has spoken to actual hackers who have traditionally looked for and taken advantage of these exploits, and Apple’s latest changes are making them extremely nervous.
Naturally, Motherboard interviewed most of these folks on condition of anonymity, as many of their activities are questionable at best. For example, one source who develops exploits for government customers shared that it’s going to make their life “significantly harder.”
“It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder.”
Anonymous exploit developer speaking to Motherboard
Another security researcher, who requested anonymity because he was not authorized to speak to the press, said that many iPhone hackers are quite worried “because some techniques are now irretrievably lost.”
While not all security researchers and hackers agree that this is the end of zero-click exploits on iOS devices, and it seems likely that they’ll eventually find other ways around this, they all seem to concur that Apple has at the very least significantly raised the bar and made their lives much more difficult.
“This mitigation in reality probably just raises the cost of 0clicks, but a determined attacker with a lot of resources would still be able to pull it off.”
Jamie Bishop, developer, Checkra1n jailbreak
Most importantly, it’s going to raise the cost of launching these kinds of attacks, which by itself should make them considerably less common, likely leaving them solely within the realm of shadowy government agencies that have the resources. That in turn makes them much more likely to be targeted attacks against specific individuals, rather than something that hackers and scammers can simply try against random users.