Angry in an ocean of fancy innovations that Apple announced this week, the technological giant also revealed new security technology for the latest iPhone 17 and iPhone Air devices. This new safety technology was made specifically to combat surveillance suppliers and the most based on the types of vulnerabilities, according to Apple.
The feature is called memory integrity (MIE) and is designed to help stop memory corruption errors, which are some of the most common vulnerabilities that spyware and coroner manufacturers used by law enforcement.
“The well -known spyware chains used against iOS share a common denominator with those aimed In his post on the blog.
Cyber -experts, including people who make hacking tools and iPhones, tell Techcrunch that this new security technology could make Apple’s newest iPhones some of the safest devices on the planet. The result is likely to make life more difficult for the companies that make spyware and the zero -exploits for spyware planting on a target phone or exporting data from them.
“The iPhone 17 is probably the safest computer environment on the planet that is still connected to the internet,” said TechCrunch, a more secure computational environment on the planet, who worked for the development and sale of zero days and other cyberspace opportunities for years at Techcrunch.
The researcher told TechCrunch that Mie will increase the cost and time to develop their exploitation for the latest iPhones and consequently their prices for customer payment.
“This is a huge agreement,” said the researcher, who asked to remain anonymous to discuss sensitive issues. “It’s not the proof of hack, but it’s the closest thing to hit proof. None of them will ever be 100% perfect, but it increases the shares more.”
Contact us
Do you develop spyware or zero farms and study the study of the potential impact of Apple’s MIE? We would like to know how this affects you. From a non-work device, you can contact Lorenzo Franceschi-bicchierai safely on the signal on +1 917 257 1382, or via the telegraph and keybase @lorenzofb or email. You can also contact TechCrunch via securedrop.
Jiska Classen, a professor and researcher studying the iOS at the Hasso Plattner Institute in Germany, has agreed that Mie would increase the cost of developing surveillance technologies.
Classen said this was due to the fact that some of the errors and holdings of Spyware and researchers who work today will stop working as soon as the new iPhones are out and Mie is implemented.
“I could also imagine that for a particular time window some Spyware mercenaries have not worked for farms for the iPhone 17,” Classen said.
“This will make their lives undoubtedly infinitely more difficult,” said Patrick Wardle, a researcher who manages a start -up that makes cyberspace specifically for Apple devices. “Of course this is said with the warning that it is always a cat and mouse game.”
Wardle said people who are worried about getting hacked with spyware should be upgraded to the new iPhones.
TechCrunch experts talked to Said Mie will reduce the effectiveness of both remote halls, such as those that started with spyware such as NSO Pegasus Pegasus and Paragon Graphite. It will also help protect against natural hacks, such as those performed by the material unlock phone such as Cellegite or Graykey.
Taking the “majority of holdings”
Most modern devices, including the majority of iPhones today, run software written in programming languages that are prone to memory -related errors, often called memory overflows or corruption errors. When activated, a memory error can cause memory content from an application to leak to other areas of a user’s device where it should not go.
Memory -related errors can allow malicious hackers to access and control parts of the memory of a device that should not be allowed. Access can be used to install malicious code that is capable of gaining broader access to the data of a person stored in the phone memory and neutralize it in connecting the phone’s internet.
Mie aims to defend such widespread attacks, significantly reducing the surface of attack on which the vulnerabilities of memory can be exploited.
According to Halvar Flake, an expert in cyberspace, the corruption of memory “is the overwhelming majority of holdings”.
Mie is built on a technology called Memory Label Extension (MTE), originally developed by the ARM chipmaker. In its blog, Apple said in the last five years it has worked with ARM to expand and improve memory characteristics on a product called Enhanced Memory Tagging Extension (EMTE).
Mie is the application of this new security technology by Apple, which takes advantage of Apple, which has complete control of the stack of technology, from software to material, as opposed to many of its competitors.
Google offers MTE For some Android devices. Grapheneos that focuses on security, a customized version of Android, too offers MTE.
But other experts say Apple’s Mie is going a step further. Flake said Pixel 8 and Grapheneos are “almost comparable”, but the new iPhones will be “the safest mainstream” devices.
Mie works with the distribution of each of the newer iPhone memory with a secret label, effectively its own unique password. This means that only applications with this secret label can access physical memory in the future. If the secret does not fit, security protections kick and block the request, the application will collapse and the event is recorded.
This crash and log is particularly important, as it is more likely for spyware and zero-day to trigger a crash, making it easier for Apple and Security researchers investigating attacks to locate them.
“A wrong step would lead to a crash and a potentially recoverable artifact for a defender,” said Matthias Frielingsdorf, Vice President of Iverify research, a company that makes an application for the protection of Spyware smartphones. “The attackers already had an incentive to avoid memory corruption.”
Apple did not respond to a request for comments.
The MIE will be activated by a default system, which means it will protect applications such as Safari and IMESSAGE, which can be input points for spyware. But third -party applications should apply MIE on their own to improve their users’ protection. Apple released a version of EMTE For developers to do this.
In other words, Mie is a huge step in the right direction, but it will take some time to see its impact, depending on how many developers apply it and how many people buy new iPhones.
Some attackers will inevitably find another way.
“Mie is good and it can even be a big deal. It could significantly increase the costs for the attackers and even force some of them out of the market,” Frielingsdorf said. “But there will be many bad actors who can still find success and maintain their business.”
“As long as there are buyers there will be sellers,” Frielingsdorf said.
