London Daily

Focus on the big picture.
Thursday, Jul 10, 2025

iMessage Security BlastDoor

iMessage just got an amazing new feature you didn’t even notice

Apple quietly added a new iMessage security feature in iOS 14 called BlastDoor. BlastDoor is a new sandbox inside iMessage that receives and sanitizes all iMessage content before it’s shown to the user. The security feature will prevent attacks via iMessage that might include malicious code for spying on iPhones.

One of the most important apps on any phone, regardless of model or operating system, is the messaging app. The chances are most people use a collection of texting apps to keep in touch with friends and family. These apps have grown to be highly sophisticated over the years, offering a collection of advanced features to improve the chat experience.

Whether it’s iMessage on an iPhone, Google Messages on Android, or WhatsApp, Signal, Telegram, and many others on both platforms, these apps offer essentially the same features. Many protect chats with end-to-end encryption, and most of them support rich texting features, file-sharing, emojis, voice messaging, voice calling, and integration with many other apps.

But because texting is so popular on smartphones, it’s also a great gateway for hackers who come up with all sorts of malicious attacks that can spread via chat apps. And Apple has been quietly tackling that very problem, a new report shows. The company added an amazing new feature to iMessage in iOS 14 and iPadOS 14, the kind that we’ll never notice. It’s called BlasstDoor, an apt name for what the feature is supposed to do.

When Tony Stark asks his AI Friday to activate the “Armed Door” protocol in Endgame, a shield of armor envelops the Avengers headquarters. That’s because they’re about to attempt something never done before, which could lead to a huge wave of destruction. There’s no guarantee that the armor will actually hold back a potential blast, but Stark is trying it nonetheless. Marvel fans will surely remember the scene, while others won’t know what any of this means.

The gist with BlastDoor is similar. Everything coming in via iMessage goes through a secure location meant to contain threats that hackers might include in messages. Highly sophisticated information bombs can allow hackers to attack unsuspecting iPhone users, but BlastDoor will now stop all of that. The new security feature is amazing, and it’s something other operating systems and chat apps will undoubtedly copy. After all, hackers target all devices and programs, not just Apple’s.

As to why Apple never mentioned anything about BlastDoor during WWDC 2020 when the first final version of iOS 14 shipped, that’s understandable. This is Apple’s new move in an ongoing security battle with attackers. There’s no point showing your hand when it comes to BlastDoor. It’s not a feature that device owners will actively use or that iOS developers needed to be aware of.

It’s all supposed to work passively in the background, keeping everybody safe. If security experts like the people working over at Google Zero Lab discover it, that’s something else — and hackers could also find it once they realize their weaponized messages aren’t delivering the desired effect.

First picked up by ZDNet, the BlastDoor feature was indeed discovered by a Googler from Project Zero.

Last year, a report showed that hackers targeted journalists via iMessage code that enabled spying without the recipient having to do anything. But the issue was fixed in iOS 14, so Google researcher Samuel Groß set out to discover how Apple mitigated the problem. That’s how he found BlastDoor, a feature that works behind the scenes with iMessage content.

It’s a “sandbox” type of functionality, similar to other sandboxes in iOS. BlastDoor will unpack and process the content of all incoming messages in an isolated environment so that a malicious payload cannot attack the operating system. In other words, every attachment and all code coming through iMessage, whether it’s the actual text, links, or files, will be sanitized inside that closed environment.

If you still haven’t upgraded to iOS 14, BlastDoor is an excellent reason to do it, especially if you’re the kind of iPhone user who might be someone’s target.

“Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole,” the Googler wrote. “It’s great to see Apple putting aside the resources for these kinds of large refactorings to improve end users’ security.

Furthermore, these changes also highlight the value of offensive security work: not just single bugs were fixed, but instead structural improvements were made based on insights gained from exploit development work.”

Groß’s blog post detailing the new iMessage security feature is available at this link.

Newsletter

Related Articles

0:00
0:00
Close
Severe Heatwave Claims 2,300 Lives Across Europe
NVIDIA Achieves Historic Milestone as First Company Valued at $4 Trillion
Declining Beer Consumption Signals Cultural Shift in Germany
Linda Yaccarino Steps Down as CEO of X After Two Years
US Imposes New Tariffs on Brazilian Exports Amid Political Tensions
Azerbaijan and Armenia are on the brink of a historic peace deal.
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Weinstein Victim’s Lawyer Says MeToo Movement Still Strong
U.S. Enacts Sweeping Tax and Spending Legislation Amid Trade Policy Shifts
Football Mourns as Diogo Jota and Brother André Silva Laid to Rest in Portugal
Labour Expected to Withdraw Support for Special Needs Funding Model
Leaked Audio Reveals Tory Aide Defending DEI Record
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
London Stock Exchange Faces Historic Low in Initial Public Offerings
A new online platform has emerged in the United Kingdom, specifically targeting Muslim men seeking virgin brides
Trump Celebrates Independence Day with B-2 Flyover and Signs Controversial Legislation
Boris Johnson Urges Conservatives to Ignore Farage
SNP Ordered to Update Single-Sex Space Guidance Within Days
Starmer Set to Reject Calls for Wealth Taxes
Stolen Century-Old Rolls-Royce Recovered After Hotel Theft
Macron Presses Starmer to Recognise Palestinian State
Labour Delayed Palestine Action Ban Over Riot Concerns
Swinney’s Tax Comments ‘Offensive to Scots’, Say Tories
High Street Retailers to Enforce Bans on Serial Shoplifters
Music Banned by Henry VIII to Be Performed After 500 Years
Steve Coogan Says Working Class Is Being ‘Ethnically Cleansed’
Home Office Admits Uncertainty Over Visa Overstayer Numbers
JD Vance Questions Mandelson Over Reform Party’s Rising Popularity
Macron to Receive Windsor Carriage Ride in Royal Gesture
Labour Accused of ‘Hammering’ Scots During First Year in Power
BBC Head of Music Stood Down Amid Bob Vylan Controversy
Corbyn Eyes Hard-Left Challenge to Starmer’s Leadership
London Tube Trains Suspended After Major Fire Erupts Nearby
Richard Kemp: I Felt Safer in Israel Under Attack Than in the UK
Cyclist Says Police Cited Human Rights Act for Riding No-Handed
China’s Central Bank Consults European Peers on Low-Rate Strategies
AI Raises Alarms Over Long-Term Job Security
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Musk Battles to Protect Tesla Amid Trump Policy Threats
Air France-KLM Acquires Majority Stake in Scandinavian Airlines
UK Educators Sound Alarm on Declining Child Literacy
Shein Fined €40 Million in France Over Misleading Discounts
Brazil’s Lula Visits Kirchner During Argentina House Arrest
Trump Scores Legislative Win as House Passes Tax Reform Bill
Keir Starmer Faces Criticism After Rocky First Year in Power
DJI Launches Heavy-Duty Coaxial Quadcopter with 80 kg Lift Capacity
U.S. Senate Approves Major Legislation Dubbed the 'Big Beautiful Bill'
Largest Healthcare Fraud Takedown in U.S. History Announced by DOJ
×