iPhone Security Update Thwarts Spyware

Apple Unveils Advanced Security Measures for iPhone 17 and iPhone Air

Amidst the numerous announcements from Apple this week, a significant advancement in device security was revealed for the upcoming iPhone 17 and iPhone Air models. This new technology is specifically engineered to counter the tactics employed by surveillance vendors and address the vulnerabilities they commonly exploit.

Introducing Memory Integrity Enforcement (MIE)

The newly developed feature, known as Memory Integrity Enforcement (MIE), is designed to mitigate memory corruption bugs. These bugs represent a frequent attack vector utilized by spyware developers and manufacturers of forensic tools used by law enforcement agencies.

Apple highlighted that a common characteristic among mercenary spyware targeting iOS, Windows, and Android is the exploitation of memory safety vulnerabilities. These vulnerabilities are readily transferable, potent, and prevalent across the industry.

Enhanced Security: A Game Changer

Cybersecurity professionals, including those involved in the creation of iPhone hacking tools and exploits, have indicated to TechCrunch that this new security technology could position Apple’s latest iPhones as among the most secure devices currently available.

Consequently, the development of spyware and zero-day exploits for compromising devices or extracting data will likely become considerably more challenging for relevant companies.

A security researcher with extensive experience developing and selling cyber capabilities to the U.S. government stated that the iPhone 17 is potentially the most secure internet-connected computing environment globally.

Impact on Exploit Development and Costs

The researcher further explained to TechCrunch that MIE will increase both the cost and the time required to develop exploits for the newest iPhones, inevitably leading to higher prices for their clientele.

“This represents a substantial development,” the researcher, requesting anonymity due to the sensitive nature of the discussion, emphasized. “While not providing absolute protection, it represents the closest approximation we currently have. Complete security is unattainable, but this significantly elevates the difficulty.”

Expert Validation and Implementation Challenges

Jiska Classen, a professor and researcher specializing in iOS at the Hasso Plattner Institute in Germany, concurred that MIE will increase the financial burden associated with developing surveillance technologies.

This is due to the fact that existing bugs and exploits utilized by spyware companies and researchers will become ineffective upon the release of the new iPhones and the implementation of MIE.

“It’s conceivable that certain mercenary spyware vendors will temporarily lack functional exploits for the iPhone 17,” Classen noted.

A Continuous Security Arms Race

Patrick Wardle, a researcher and founder of a cybersecurity startup focused on Apple devices, stated, “This will undoubtedly make their operations significantly more difficult.” He added, however, that security is an ongoing, iterative process – a constant cat-and-mouse game.

Wardle recommends that individuals concerned about potential spyware attacks should consider upgrading to the new iPhone models.

Protecting Against Remote and Physical Attacks

According to the experts consulted by TechCrunch, MIE will diminish the effectiveness of both remote hacking attempts, such as those facilitated by spyware like NSO Group’s Pegasus and Paragon’s Graphite. It will also bolster protection against physical device compromises, including those performed using unlocking hardware like Cellebrite or Graykey.

MIE targets memory corruption bugs.
It increases the cost and time for exploit development.
The iPhone 17 is positioned as a highly secure device.

Addressing the Predominance of Exploits

The majority of contemporary devices, including a significant proportion of current iPhones, utilize software constructed with programming languages susceptible to memory-related errors. These are frequently referred to as memory overflow or corruption vulnerabilities. When activated, such a flaw can result in data from one application leaking into unauthorized areas of a user’s device.

These memory-based vulnerabilities can empower malicious actors to gain unauthorized access and control over portions of a device’s memory. This access can then be exploited to install harmful code, potentially granting extensive access to a user’s data stored within the phone’s memory and facilitating its transmission over the device’s internet connection.

MIE (Memory Integrity Enhancement) is designed to mitigate these widespread memory attacks by substantially diminishing the attack surface where memory vulnerabilities can be exploited.

Halvar Flake, a recognized expert in offensive cybersecurity, asserts that memory corruptions constitute “the vast majority of exploits.”

MIE is founded upon a technology known as Memory Tagging Extension (MTE), initially created by the chip manufacturer Arm. Apple detailed in a blog post that, over the past five years, it collaborated with Arm to expand and refine these memory safety features into a product termed Enhanced Memory Tagging Extension (EMTE).

Apple’s MIE represents the company’s implementation of this novel security technology. It leverages Apple’s comprehensive control over its entire technology stack – encompassing both software and hardware – a distinction from many of its competitors in the mobile phone industry.

Google provides MTE for select Android devices, and the security-focused GrapheneOS, a customized Android distribution, also incorporates MTE.

However, other specialists contend that Apple’s MIE offers an additional layer of security. Flake suggests that the Pixel 8 and GrapheneOS are “almost comparable,” but anticipates that the latest iPhones will be “the most secure mainstream” devices available.

MIE functions by assigning a unique, secret tag – essentially a password – to each segment of a newer iPhone’s memory. Consequently, only applications possessing the correct tag can access that specific memory location. If the tag does not match, security protocols are activated, blocking the access attempt, causing the application to crash, and recording the event.

This crash and log are particularly valuable as spyware and zero-day exploits are more likely to trigger such a failure, simplifying detection by Apple and security researchers investigating potential attacks.

“An incorrect action would result in a crash and a potentially recoverable artifact for a defender,” explains Matthias Frielingsdorf, Vice President of Research at iVerify, a firm specializing in smartphone spyware protection. “Attackers already had an incentive to avoid memory corruption.”

Apple declined to provide a comment when contacted.

MIE will be enabled by default across the entire system, providing protection for applications like Safari and iMessage, which can serve as initial access points for spyware. However, third-party developers must independently implement MIE within their applications to enhance security for their users. Apple has released EMTE to assist developers in this process.

In essence, MIE signifies a substantial advancement in security, but its full impact will unfold over time, contingent upon the extent of developer adoption and consumer uptake of new iPhones.

It is inevitable that some attackers will still discover methods to circumvent these protections.

“MIE is a positive development and could even be a significant one. It has the potential to substantially increase the cost for attackers and potentially drive some out of the market,” states Frielingsdorf. “However, there will undoubtedly be malicious actors who continue to succeed and maintain their operations.”

“As long as demand exists, supply will follow,” concludes Frielingsdorf.