Apple’s latest iPhone security feature made life more difficult for spy software manufacturers
Burial in an ocean of flashy new features announced by Apple this week, the technology giant has also revealed new safety technology for its latest iPhone 17 air devices and iPhone. This new safety technology has been specially designed to combat surveillance providers and the types of vulnerabilities that they count most, according to Apple.
The functionality is called Memory Integrrity Enforcement (MIE) and is designed to help stop memory corruption bugs, which are some of the most common vulnerabilities exploited by developers and manufacturers of spy software for the medical-legal devices used by the police.
“The known Spymetric Software Chains used against iOS share a common denominator with those that target Windows and Android: they exploit the vulnerabilities of memory safety, which are interchangeable, powerful and exist throughout the industry,” wrote Apple in its blog article.
Cybersecurity experts, including people who make hacking tools and exploits for iPhones, tell Techcrunch that this new safety technology could make new Apple iPhones some of the most secure devices on the planet. The result is likely to make life more difficult for companies that make spy software and zero-day exploits to plant spy software on the phone from a target or extract data.
“The iPhone 17 is probably now the most secure IT environment on the planet that is still connected to the Internet,” a security researcher has worked on the development and sale of zero-days and other cyber-capacity in the United States government told Techcrunch.
The researcher told Techcrunch that Mie would increase the cost and time to develop their exploits for the last iPhones, and therefore increase their prices for paid customers.
“This is a huge affair,” said the researcher, who asked to remain anonymous to discuss sensitive issues. “It is not proof of hacking. But it is the closest thing that we have to hack the proof. None of this will ever be 100%perfect. But that increases the stakes the most.”
Contact us
Do you develop spy or zero software exploits and study the study of the potential effects of Apple’s crumb? We would like to learn how it affects you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai safely on the signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or e-mail. You can also contact Techcrunch via Securedrop.
Jiska Classen, professor and researcher who studies iOS at the Hasso Plattner Institute in Germany, agreed that Mie will increase the cost of the development of surveillance technologies.
Classhen has said that this is due to the fact that some of the bugs and exploits that companies and spyware researchers currently have that are currently working once the new iPhones have been released and that Mie will be implemented.
“I could also imagine that for a certain window of time, some suppliers of mercenary spy software have no work exploits for the iPhone 17,” said Classhen.
“This will undoubtedly make their lives infinitely more difficult,” said Patrick Wardle, a researcher who runs a startup who makes cybersecurity products specifically for Apple devices. “Of course, this is said with the warning that it is always a game of cat and mouse.”
Wardle said people who fear being hacked with spy software should go to new iPhones.
The experts that Techcrunch have spoken said that Mie will reduce the efficiency of the two remote hacks, such as those launched with spy software like Pegasus from the NSO group and Paragon graphite. It will also help protect from physical peripheral hacks, such as those made with phone unlocking equipment such as Celbite or Graykey.
Taking the “majority of exploits”
Most modern devices, including the majority of iPhones today, perform written software in programming languages ​​that are subject to memory -related bugs, often called memory overflows or corruption bugs. When triggered, a memory bug can cause the content of an application to an application in other areas of a user’s device where he should not go.
Memory -related bugs can allow malicious hackers to access and control the parts of the memory of a device which they should not be authorized. Access can be used to plant a malicious code capable of obtaining wider access to data from a person stored in phone memory and exfiltrating on the internet connection of the phone.
MIE aims to defend itself against these types of large memory attacks by largely reducing the attack surface in which memory vulnerabilities can be exploited.
According to Halvar Flake, an expert in offensive cybersecurity, the corruption of memory “are the vast majority of exploits”.
MIE is built on a technology called memory marking extension (MTE), originally developed by Chipmaker ARM. In his blog article, Apple has said that in the past five years, he has worked with Arm to enlarge and improve memory security features in a product called improved memory taggage extension (EMTE).
MIE is the implementation by Apple of this new security technology, which takes advantage of Apple with a complete control of its technological battery, from software to hardware, unlike many of its phones manufacturing competitors.
Google offers MTE for certain Android devices; The grapheneos focused on security, a personalized version of Android, also offers MTE.
But other experts say that Apple’s crumb goes further. Flake said that the Pixel 8 and the Graphneos are “almost comparable”, but new iPhones will be “the most secure” devices.
Mie works by allocating each element of the memory of a more recent iPhone with a secret tag, actually its own single password. This means that only applications with this secret tag can access physical memory in the future. If the secret does not correspond, the security protections are in place and block the demand, the application is blocking and the event is recorded.
This crash and this newspaper are particularly significant because it is more likely that spy software and zero days trigger a crash, which facilitates studies for Apple and security researchers to identify them.
“A bad step would lead to an accident and a potentially recoverable artifact for a defender,” said Matthias Frielingfsdorf, vice-president of research at Iverify, a company that makes an application to protect smartphones against spy software. “The attackers have already been encouraged to avoid the corruption of memory.”
Apple did not respond to a request for comments.
MIE will be on the large default system, which means that it will protect applications like Safari and Imessage, which can be input points for spy software. But third-party applications will have to implement MIE by themselves to improve the protections of their users. Apple has published a version of Emte for developers to do so.
In other words, Mie is a huge step in the right direction, but it will take a while to see its impact, according to the number of developers set it up and how many people buy new iPhones.
Some attackers will inevitably still find a means.
“Mie is a good thing and it could even be a big problem. This could considerably increase the cost of attackers and even force some of them out of the market,” said Frielingsdorf. “But there will be many bad players who can still find success and keep their business.”
“As long as there are buyers, there will be sellers,” said Frielingsdorf.
