An associate professor at the Johns Hopkins Information Security Institute has said that Apple can and must do more to prevent NSO attacks.

He argues that while it’s true that it is impossible to completely prevent exploits based on zero-day vulnerabilities, there are two steps that the iPhone maker can take to make NSO’s job much harder …

Cryptographer Matthew Green makes his case in a blog post. He says the most worrying aspect is apparent zero-click attacks sent via iMessage. Simply receiving the message is enough to take control over the iPhone: The attack doesn’t need the user to interact with it in any way.

A more worrying set of attacks appear to use Apple’s iMessage to perform “0-click” exploitation of iOS devices. Using this vector, NSO simply “throws” a targeted exploit payload at some Apple ID such as your phone number, and then sits back and waits for your zombie phone to contact its infrastructure.

This is really bad. While cynics are probably correct (for now) that we probably can’t shut down every avenue for compromise, there’s good reason to believe we can close down a vector for 0-interaction compromise. And we should try to do that.

He says Apple needs to address a fundamental security weakness in iMessage, and the company’s attempt to do so with a firewall known as BlastDoor isn’t working.

What we know that these attacks take advantage of fundamental weaknesses in Apple iMessage: most critically, the fact that iMessage will gleefully parse all sorts of complex data received from random strangers, and will do that parsing using crappy libraries written in memory unsafe languages. These issues are hard to fix, since iMessage can accept so many data formats and has been allowed to sprout so much complexity over the past few years.

There is good evidence that Apple realizes the bind they’re in, since they tried to fix iMessage by barricading it behind a specialized “firewall” called BlastDoor. But firewalls haven’t been particularly successful at preventing targeted network attacks, and there’s no reason to think that BlastDoor will do much better. (Indeed, we know it’s probably not doing its job now.)

Two ways to help prevent NSO attacks

Apple has so far said that the attacks are not a privacy threat to most iPhone owners, but Green says Apple can make life much harder for attackers by rewriting iMessage from scratch, and doing more intensive monitoring.

Apple will have to re-write most of the iMessage codebase in some memory-safe language, along with many system libraries that handle data parsing. They’ll also need to widely deploy ARM mitigations like PAC and MTE in order to make exploitation harder […]

Apple already performs some remote telemetry to detect processes doing weird things. This kind of telemetry could be expanded as much as possible while not destroying user privacy.

The combination of those two things would at the very least significantly increase the cost of NSO’s attacks, meaning they will be deployed against fewer targets – and could potentially even make them so expensive that the company goes out of business.

Photo: Forbidden Films

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear