An associate professor at the Johns Hopkins Information Security Institute has said that Apple can and must do more to prevent NSO attacks.
He argues that while it’s true that it is impossible to completely prevent exploits based on zero-day vulnerabilities, there are two steps that the iPhone maker can take to make NSO’s job much harder …
Cryptographer Matthew Green makes his case in a blog post. He says the most worrying aspect is apparent zero-click attacks sent via iMessage. Simply receiving the message is enough to take control over the iPhone: The attack doesn’t need the user to interact with it in any way.
A more worrying set of attacks appear to use Apple’s iMessage to perform “0-click” exploitation of iOS devices. Using this vector, NSO simply “throws” a targeted exploit payload at some Apple ID such as your phone number, and then sits back and waits for your zombie phone to contact its infrastructure.
This is really bad. While cynics are probably correct (for now) that we probably can’t shut down every avenue for compromise, there’s good reason to believe we can close down a vector for 0-interaction compromise. And we should try to do that.
He says Apple needs to address a fundamental security weakness in iMessage, and the company’s attempt to do so with a firewall known as BlastDoor isn’t working.
What we know that these attacks take advantage of fundamental weaknesses in Apple iMessage: most critically, the fact that iMessage will gleefully parse all sorts of complex data received from random strangers, and will do that parsing using crappy libraries written in memory unsafe languages. These issues are hard to fix, since iMessage can accept so many data formats and has been allowed to sprout so much complexity over the past few years.
There is good evidence that Apple realizes the bind they’re in, since they tried to fix iMessage by barricading it behind a specialized “firewall” called BlastDoor. But firewalls haven’t been particularly successful at preventing targeted network attacks, and there’s no reason to think that BlastDoor will do much better. (Indeed, we know it’s probably not doing its job now.)
Two ways to help prevent NSO attacks
Apple has so far said that the attacks are not a privacy threat to most iPhone owners, but Green says Apple can make life much harder for attackers by rewriting iMessage from scratch, and doing more intensive monitoring.
Apple will have to re-write most of the iMessage codebase in some memory-safe language, along with many system libraries that handle data parsing. They’ll also need to widely deploy ARM mitigations like PAC and MTE in order to make exploitation harder […]
Apple already performs some remote telemetry to detect processes doing weird things. This kind of telemetry could be expanded as much as possible while not destroying user privacy.
The combination of those two things would at the very least significantly increase the cost of NSO’s attacks, meaning they will be deployed against fewer targets – and could potentially even make them so expensive that the company goes out of business.
Photo: Forbidden Films