Apple is introducing a new security technique in iOS 14.5 which will make it much more difficult for nation-states to hack iPhone users without them knowing.
State-sponsored hackers have been using so-called 0-click exploits, where phones are hacked without user interaction, to spy on suspects and dissidents for years now.
In 2016, hackers working for the United Arab Emirates government used a zero-click iPhone hacking tool code named Karma to break into the phones of hundreds of targets. In 2020, the digital rights group Citizen Lab revealed that 36 journalists and editors at Al Jazeera were targeted with a zero-click iPhone hack.
To address this whole class of attacks, Apple is introducing Pointer Authentication Codes (or PAC), which cryptographically sign pointers so that a corrupted or forged pointer fails a check before it is used, preventing hackers from executing injected malicious code.
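To make the mechanism concrete, here is a small software simulation of pointer signing and authentication. It is an added example, not Apple's or ARM's code: real ARMv8.3 pointer authentication uses a hardware block cipher and per-process keys, while this model stands in HMAC-SHA256 as the MAC and assumes a 48-bit address space with a 16-bit tag in the unused upper bits. The object slots, function addresses and key are constructed values. It shows the three outcomes the article describes: a legitimately signed pointer authenticates, a pointer overwritten with a raw attacker-chosen address does not, and a validly signed pointer replayed from a different object (wrong context) does not either.

```python
"""Toy model of pointer authentication (an added example; not Apple's or ARM's code).

ARMv8.3 pointer authentication signs a pointer with a secret per-process key and a
64-bit context (a "modifier"), storing a short tag in the pointer's unused upper
bits; an authenticate instruction recomputes the tag and faults if it differs.
This simulation substitutes HMAC-SHA256 for the hardware MAC and uses a 16-bit tag
in a 48-bit address space; both are constructed choices for illustration only.
"""
import hashlib
import hmac
import os

ADDR_BITS = 48                    # simulated virtual address width
ADDR_MASK = (1 << ADDR_BITS) - 1
TAG_BITS = 64 - ADDR_BITS         # upper bits that carry the authentication tag
TAG_MASK = (1 << TAG_BITS) - 1


class PointerAuthError(Exception):
    """Raised when a pointer fails authentication (real hardware raises a fault)."""


def _tag(key: bytes, address: int, context: int) -> int:
    """Compute the short authentication tag over (address, context)."""
    msg = address.to_bytes(8, "little") + context.to_bytes(8, "little")
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(mac[:TAG_BITS // 8], "little") & TAG_MASK


def sign(key: bytes, address: int, context: int = 0) -> int:
    """Return `address` with its tag placed in the upper bits (the 'pac*' step)."""
    if address >> ADDR_BITS:
        raise ValueError("address does not fit in the simulated address space")
    return (_tag(key, address, context) << ADDR_BITS) | address


def authenticate(key: bytes, signed_ptr: int, context: int = 0) -> int:
    """Verify and strip the tag, returning the raw address (the 'aut*' step)."""
    address = signed_ptr & ADDR_MASK
    presented = (signed_ptr >> ADDR_BITS) & TAG_MASK
    expected = _tag(key, address, context)
    # A CPU compares in constant time by construction; in software it is the right habit.
    if not hmac.compare_digest(presented.to_bytes(TAG_BITS // 8, "little"),
                               expected.to_bytes(TAG_BITS // 8, "little")):
        raise PointerAuthError(f"bad tag on pointer {signed_ptr:#018x}")
    return address


def is_authentic(key: bytes, signed_ptr: int, context: int = 0) -> bool:
    """Boolean wrapper around authenticate() used by the scenarios below."""
    try:
        authenticate(key, signed_ptr, context)
        return True
    except PointerAuthError:
        return False


def scenarios(key: bytes) -> dict:
    """Three outcomes that illustrate why PAC raises the cost of pointer corruption.

    Constructed values: two objects whose function pointers live in different slots;
    the slot address is used as the signing context, binding each signed pointer to
    the object it belongs to (as an isa or vtable pointer would be).
    """
    slot_a, slot_b = 0x0000_7000_0000_1000, 0x0000_7000_0000_2000
    fn_legit = 0x0000_0001_0000_4000        # the function the program intends to call
    fn_injected = 0x0000_0001_0000_9000     # an address written by a memory-corruption bug
    ptr_a = sign(key, fn_legit, context=slot_a)
    ptr_b = sign(key, fn_legit, context=slot_b)
    return {
        # Normal use: signed and later authenticated with the same key and context.
        "legitimate_use": authenticate(key, ptr_a, context=slot_a) == fn_legit,
        # A raw address overwritten into the slot carries no valid tag.
        "overwrite_with_raw_address": is_authentic(key, fn_injected, context=slot_a),
        # A pointer validly signed for slot_b does not authenticate in slot_a.
        "replay_from_other_slot": is_authentic(key, ptr_b, context=slot_a),
    }


if __name__ == "__main__":
    for name, outcome in scenarios(os.urandom(16)).items():
        print(f"{name}: {'authenticates' if outcome else 'rejected'}")
```

The point the simulation makes is the one the researchers quoted below make about cost: without the key, an attacker who can corrupt memory can still write any address they like into a pointer slot, but the write is only useful if they can also produce the matching tag, and binding the tag to a context stops them from simply reusing a signed pointer they found elsewhere.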
“Nowadays, since the pointer is signed, it is harder to corrupt these pointers to manipulate objects in the system. These objects were used mostly in sandbox escapes and 0clicks,” said Adam Donenfeld, from security firm Zimperium.
Multiple other security researchers agreed with him.
“It will definitely make 0-clicks harder. Sandbox escapes too. Significantly harder,” a source who develops exploits for government customers told Motherboard.
Another security researcher said that many iPhone hackers are worried “because some techniques are now irretrievably lost.”
Of course, there is no such thing as perfect security.
“When there’s a will there’s a way—there’s always going to be bugs of some sort, whether that be in PAC or whether it be a completely different exploitation strategy,” said Jamie Bishop, one of the developers of the popular Checkra1n jailbreak. “This mitigation in reality probably just raises the cost of 0clicks, but a determined attacker with a lot of resources would still be able to pull it off.”