Buried in the ocean of announcements Apple made this week, the tech giant also revealed a new security technology for its latest iPhone 17 and iPhone Air devices. Apple says the new security technology is specifically designed to fight surveillance vendors and the vulnerabilities they depend on most.
The feature, called Memory Integrity Enforcement (MIE), is designed to help stop memory corruption bugs, the most common vulnerabilities exploited by spyware developers and by makers of the phone forensic devices used by law enforcement.
“Known mercenary spyware chains used against iOS share a commonality with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful and exist throughout the industry,” Apple wrote in the blog post.
Cybersecurity experts, including people who make hacking tools and exploits for iPhones, told TechCrunch that this new security technology could make Apple’s latest iPhone the safest device on the planet. The result may make life harder for the makers of spyware and of the zero-day exploits used to plant spyware on target phones or extract data from them.
A security researcher told TechCrunch that “the iPhone 17 is now probably the safest computing environment on Earth that is still connected to the Internet.”
The researcher told TechCrunch that MIE will increase the cost and time of developing exploits for the latest iPhones, thereby increasing their price.
“This is a big deal,” the researcher said, asking to remain anonymous to discuss sensitive issues. “It’s not proof. But it’s the closest thing we have to attack. None of this will be 100% perfect. But it raises the ante at best.”
Jiska Classen, a professor and researcher who studies iOS at the Hasso Plattner Institute in Germany, agreed that MIE will increase the cost of developing surveillance technologies.
Classen said this is because some of the bugs and exploits that spyware companies and researchers currently have will stop working once the new iPhones are out and MIE is in place.
“I can also imagine that some mercenary spyware vendors have not used the iPhone 17’s work in some time window.”
“This will make their lives more difficult,” said researcher Patrick Wardle, who runs a startup that makes cybersecurity products specifically for Apple devices. “Of course, please note that this has always been a game for cats and mice.”
Wardle said those worried about being hacked with spyware should upgrade to the new iPhones.
The experts TechCrunch spoke with said MIE will reduce the effectiveness of both remote hacks, such as attacks launched with spyware like NSO Group’s Pegasus and Paragon’s Graphite, and physical device hacks, such as those performed with phone-unlocking hardware like Cellebrite or GrayKey.
Taking on “most vulnerabilities”
Most modern devices, including most iPhones today, run software written in programming languages that are prone to memory-related bugs, often called memory overflow or memory corruption bugs. When triggered, a memory bug can cause the contents of memory belonging to one app to spill into other areas of the user’s device where it should not go.
Memory-related bugs can allow malicious hackers to access and control parts of a device’s memory that they should not be permitted to reach. That access can be used to plant malicious code that gains broader access to a person’s data stored in the phone’s memory and sends it out over the phone’s internet connection.
MIE aims to defend against these kinds of broad memory attacks by greatly reducing the attack surface in which memory vulnerabilities can be exploited.
According to offensive cybersecurity expert Halvar Flake, memory corruption “is the vast majority of vulnerabilities.”
MIE builds on a technology called Memory Tagging Extension (MTE), originally developed by chipmaker Arm. Apple said in its blog post that over the past five years it has worked with Arm to expand and improve the memory safety features into a product called Enhanced Memory Tagging Extension (EMTE).
MIE is Apple’s implementation of this new security technology, which takes advantage of Apple having complete control of its technology stack, from software to hardware, unlike many of its phone-making competitors.
Google offers MTE for some Android devices; the security-focused GrapheneOS, a custom version of Android, also offers MTE.
But other experts say Apple’s MIE goes further. Flake said the Pixel 8 and GrapheneOS are “almost comparable”, but the new iPhones will be the “safest mainstream” devices.
MIE works by allocating each piece of a new iPhone’s memory with a secret tag, effectively its own unique password. This means that only an app holding that secret tag can access that physical memory in the future. If the secret does not match, the security protections kick in and block the request, the app crashes, and the event is logged.
That crash and log are particularly significant because spyware and zero-days are more likely to trigger crashes, which makes it easier for Apple and for security researchers investigating attacks to spot them.
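The tag check described above can be modelled in a few lines of C. This is an added illustration, not Apple's or Arm's code: it is a software simulation that assumes Arm MTE's layout of one 4-bit tag per 16-byte granule, and the names `tptr`, `tagged_alloc`, `tagged_free` and `tagged_store` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define GRANULE   16                 /* bytes covered by one tag, as in Arm MTE */
#define HEAP_SIZE 256
static uint8_t  heap[HEAP_SIZE];
static uint8_t  tags[HEAP_SIZE / GRANULE]; /* tag kept beside each granule; 0 = free */
static size_t   next_off;            /* bump-allocator cursor (model only) */
static unsigned faults;              /* stands in for the crash and log entry */

/* Model of a tagged pointer: heap offset plus the tag issued at allocation. */
typedef struct { size_t off; uint8_t tag; } tptr;

static size_t granules(size_t n) { return (n + GRANULE - 1) / GRANULE; }

/* Allocate n bytes under a random 4-bit tag (1..15) that differs from the
   granule just before it, so a linear overflow always crosses a tag change. */
static tptr tagged_alloc(size_t n) {
    size_t g0 = next_off / GRANULE;
    tptr p = { next_off, 0 };
    if (next_off + granules(n) * GRANULE > HEAP_SIZE) abort(); /* model heap full */
    do { p.tag = (uint8_t)(rand() % 15 + 1); } while (g0 > 0 && p.tag == tags[g0 - 1]);
    for (size_t i = 0; i < granules(n); i++) tags[g0 + i] = p.tag;
    next_off += granules(n) * GRANULE;
    return p;
}

/* Freeing retags the memory, so pointers that still carry the old tag go stale. */
static void tagged_free(tptr p, size_t n) {
    for (size_t i = 0; i < granules(n); i++) tags[p.off / GRANULE + i] = 0;
}

/* Checked store: 0 on success, -1 when the pointer tag and memory tag differ. */
static int tagged_store(tptr p, size_t idx, uint8_t v) {
    size_t a = p.off + idx;
    if (a >= HEAP_SIZE || tags[a / GRANULE] != p.tag) { faults++; return -1; }
    heap[a] = v;
    return 0;
}

int main(void) {
    tptr a = tagged_alloc(24), b = tagged_alloc(16);
    printf("in bounds:        %d\n", tagged_store(a, 0, 'A'));
    printf("overflow into b:  %d\n", tagged_store(a, 32, 'X'));
    tagged_free(a, 24);
    printf("use after free:   %d\n", tagged_store(a, 0, 'Y'));
    printf("b still usable:   %d, faults logged: %u\n", tagged_store(b, 0, 'B'), faults);
    return 0;
}
```

Because tags apply per granule, a store into the 8 padding bytes after the 24-byte allocation still passes the check in this model; only accesses that cross into differently tagged memory are blocked.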
“A wrong step will lead to a crash and potentially perform artifacts on defenders that may be recoverable,” said Matthias Frielingsdorf, vice president of research at iVerify. “Attackers already have the motivation to avoid memory corruption.”
Apple did not respond to a request for comment.
MIE will be turned on by default, meaning it will protect applications like Safari and iMessage, which can be entry points for spyware. But third-party applications will have to implement MIE on their own to improve protection for their users. Apple has released a version of EMTE for developers to do this.
In other words, MIE is a huge step in the right direction, but it will take some time to see its impact, depending on how many developers implement it and how many people buy the new iPhones.
Some attackers will inevitably still find a way.
“MIE is a good thing, maybe even a big thing. It can greatly increase the cost of attackers and even force some of them out of the market,” Frielingsdorf said. “But there will be a lot of bad actors who can still find success and maintain their business.”
“As long as there is a buyer, there will be a seller,” Frielingsdorf said.