BlastDoor - iPhone protection against malware, espionage and viruses

The current iPhone operating system iOS 14 has a security function called BlastDoor. This is intended to prevent harmful content from reaching the Apple smartphone via iMessage or links and attachments received via it. External content is checked and, if malicious software is found, only a sandbox preview is created. Among other things, so-called zero-click attacks are to be prevented with it; i.e. the installation of malware without user intervention. What BlastDoor is, how it works and whether it is 100% safe, I have summarized that for you in this guide.

BlastDoor function for iMessage since iOS 14 on the iPhone

Is a iPhone compatible with iOS 14 and if the operating system from 2020 was installed, then BlasDoor will also be used on it. This feature against attacks via iMessage is intended to stop malware of all kinds. For example, a link leads to a page that contains viruses, spy software or something Ransomware wants to install, then the possibility to access the page directly via the link will be revoked. At least that's the theory. The content is checked and a secure preview is created locally on your own device. This means that Apple has no idea what funny messages you're getting.

BlastDoor in iOS 14: Revealed by Google Project Zero

Apple didn't really make the feature public, and I haven't found any official Apple.com subpages dedicated to the topic. The feature for more security from iOS 14 on the Apple iPhone was found, named and explained by a completely different side: Google Project Zero. The Google group, which searches for security gaps in systems, reports them and makes them public in case of doubt, has the new security mechanisms for publication dedicated a blog post. It describes the feature written in the Swift programming language as "tightly sandboxed" and explains how it works. The following graphic shows the functionality in a simplified manner.

Is iMessage 100% secure?

One would like to assume that iMessage has been particularly secure since last year and should therefore be used for all communication with others. This may be the case for private users. However, some reports show that even more ambitious attacks were possible even under iOS 14.4 and iOS 14.6 - and these were even zero-click attacks. For example, in detail at TechCrunch a Pegasus attack on activists in Bahrain. With the Pegasus software from the NSO Group from Israel, it was apparently possible under the mentioned iOS versions to access data, tap the microphone and camera and implement further surveillance. 

iMessage is (likely) getting more secure with every iOS version

One of the current security updates for the Apple iPhone is iOS 14.7.1 - this is intended to fill security gaps that are not mentioned further and thus, among other things, remove zero-day vulnerabilities. The technology giant from Cupertino is silent about whether this also refers to the gateways for Pegasus attacks. However, it can be assumed that BlastDoor will be improved with this and future updates. Last but not least, a new major version will be released soon. I recommend this post to you: Is my iPhone compatible with iOS 15? If you are interested in the other innovations of the system, have a look here: Apple WWDC21 Keynote Summary.

Johannes Domke

After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.