Apple’s New iPhone 17 and iPhone Air Security Feature MIE Could Make Them the Most Secure Smartphones on the Planet
Apple’s latest security technology, Memory Integrity Enforcement (MIE), was unveiled for the iPhone 17 and iPhone Air models amidst a flurry of new product announcements. This innovative feature is designed to combat surveillance vendors and their preferred vulnerabilities, as stated by the tech giant.
The aim of MIE is to prevent memory corruption bugs, which are frequently exploited by spyware developers and creators of phone forensic devices used by law enforcement agencies.
In a blog post, Apple acknowledged that “mercenary spyware chains targeting iOS share a common denominator with those aimed at Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and prevalent across the industry.”
Cybersecurity experts, including individuals who specialize in creating hacking tools and iPhone exploits, have suggested that this new security technology could make Apple’s newest iPhones some of the most secure devices globally. This development is likely to present challenges for companies manufacturing spyware and zero-day exploits for surreptitiously installing spyware on a target’s phone or extracting data from it.
“The iPhone 17 is probably now the most secure computing environment connected to the internet that still offers user access,” a seasoned security researcher, who has been involved in selling zero-days and other cyber capabilities to the U.S. government for years, told reporters.
This researcher predicted that MIE would increase the cost and time required to develop exploits for the latest iPhones, thereby raising their prices for paying clients.
“This is a significant development,” the researcher remarked, wishing to remain anonymous due to sensitive subject matter. “It’s not foolproof, but it’s as close as we have come to being foolproof. No system will ever be 100% perfect, but it raises the stakes significantly.”
Jiska Classen, a professor and researcher focusing on iOS at the Hasso Plattner Institute in Germany, concurred that MIE would increase the cost of developing surveillance technologies. Classen explained this is because some of the bugs and exploits currently used by spyware companies and researchers would cease to function once the new iPhones are launched and MIE is implemented.
“I could also imagine that for a certain period, some spyware vendors won’t have working exploits for the iPhone 17,” said Classen. “This will undeniably make their lives more difficult.”
Patrick Wardle, a researcher who runs a startup developing cybersecurity solutions exclusively for Apple devices, echoed similar sentiments. However, he cautioned that it’s an ongoing cat-and-mouse game.
Wardle advised individuals concerned about being targeted by spyware to consider upgrading to the new iPhones.
Experts agree that MIE will diminish the effectiveness of both remote hacks, such as those launched with spyware like NSO Group’s Pegasus and Paragon’s Graphite, as well as physical device hacks performed with phone unlocking hardware like Cellebrite or Graykey.
Most modern devices, including a majority of iPhones today, operate on software written in programming languages prone to memory-related bugs, often referred to as memory overflow or corruption bugs. When triggered, a memory bug can cause the contents of memory from one app to leak into other areas of a user’s device where they shouldn’t be present.
Memory-related bugs allow malicious hackers to access and control parts of a device’s memory that they should not have permission to. This access can be used to plant malicious code capable of gaining broader access to a person’s data stored in the phone’s memory, and exfiltrating it over the phone’s internet connection.
MIE is designed to defend against such broad memory attacks by significantly reducing the attack surface within which memory vulnerabilities can be exploited.
According to Halvar Flake, an expert in offensive cybersecurity, memory corruptions “account for the vast majority of exploits.”
MIE is built upon a technology called Memory Tagging Extension (MTE) originally developed by chipmaker Arm. In its blog post, Apple revealed that over the past five years it collaborated with Arm to expand and enhance the memory safety features into a product called Enhanced Memory Tagging Extension (EMTE).
MIE represents Apple’s implementation of this new security technology, leveraging Apple’s control over its technology stack from software to hardware, unlike many of its competitors in the smartphone market. Google offers MTE for some Android devices; the security-focused GrapheneOS, a custom version of Android, also offers MTE.
However, other experts argue that Apple’s MIE surpasses these offerings. Flake described the Pixel 8 and GrapheneOS as “almost comparable,” but the new iPhones will be “the most secure mainstream” devices.
MIE works by assigning each piece of a newer iPhone’s memory a secret tag, essentially its own unique password. Only apps with that secret tag can access the physical memory in the future. If the secret doesn’t match, the security protections kick in and block the request, causing the app to crash, and logging the event.
The crash and log are significant as they make it more likely for spyware and zero-days to trigger a crash, making it easier for Apple and security researchers investigating attacks to identify them.
“A wrong step would lead to a crash and potentially recoverable artifacts for a defender,” said Matthias Frielingsdorf, the vice president of research at iVerify, a company developing an app to protect smartphones from spyware. “Attackers already had an incentive to avoid memory corruption.”
Apple did not respond to a request for comment.
MIE will be activated system-wide by default, protecting apps such as Safari and iMessage, which can serve as entry points for spyware. However, third-party apps must implement MIE themselves to enhance protections for their users. Apple has released a version of EMTE for developers to accomplish this.
In summary, MIE is a substantial step forward in improving device security, but its full impact will depend on developer adoption and consumer adoption of the new iPhones. Some attackers will inevitably find ways around the system, but experts agree that MIE represents a significant advancement in mobile device security.
