iOS Mobile OS by Apple - Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

To discuss the wireless features of iOS 4 it helps to look at the hardware it actually runs on. The iPad 2 houses Apple's A5, a 1 GHz system-on-chip that pairs two ARM Cortex-A9 CPU cores with a PowerVR SGX543MP2 GPU. It runs at the same 1 GHz clock as its predecessor, the A4 of the original iPad (one Cortex-A8 core and a PowerVR SGX535 GPU), but has two processing cores instead of one, and Apple claimed that its graphics are up to nine times faster than the original iPad's. On this hardware runs iOS 4, Apple's own mobile operating system. To discuss its wireless vulnerabilities we first need to look at the operating system itself and its versions.

When apps are developed for a device that runs a closed-source operating system, they are not given direct access to the hardware. Every hardware interaction goes through a number of software layers that act as intermediaries between application code and the device hardware. These layers make up iOS itself.

We concentrate on the layer that affects the wireless capability of the iPad. The Cocoa Touch layer sits at the top of the iOS stack and contains the frameworks most commonly used by iPad application developers. Cocoa Touch is written primarily in Objective-C, is based on the standard Mac OS X Cocoa API (as found on Apple desktop and laptop computers), and has been extended and modified to meet the needs of the iPad. Its features include the following:


Wireless Printing

Data protection via encryption

File sharing (the ability to make application files stored on the device available via iTunes)

Bluetooth-based peer-to-peer connectivity between devices [14]

4.2 Wireless Features in iOS 4 [15][16][17][18]

iOS 4 is an update to the mobile operating system that already shipped on the iPhone and iPod touch, so it had already cleared many of the issues that come with a smartphone. According to some sources, however, the first iPad release behaved like a glorified smartphone OS that did not make good use of a tablet's hardware. Its important wireless features were the following [15]:

Persistent Wi-Fi

Wake on Wi-Fi

Auto-join, auto-login and IPv6 settings on individual Wi-Fi networks

Set up Internet Tethering

Support for Apple Bluetooth keyboards

Wireless app distribution

SSL VPN support (both Juniper and Cisco)

Microsoft Exchange Server 2010 support

Improved Bluetooth driver for A2DP devices

By April 2010 Apple itself acknowledged that the iPad had difficulty staying connected to the internet, which made it a bane for its own existence. Numerous users complained that once the device was a little further away from the router it had difficulty detecting the Wi-Fi signal. The issue appeared to be specific to dual-band routers, which serve both the 2.4 GHz and 5 GHz bands, when they advertise both bands as one network with the same name and password. The recommended workaround was to split the bands into two separate networks with different names, making sure that both networks use the same type of security (WEP, WPA or WPA2). Since WEP was already known to be broken by then, WPA2 was the only sensible choice for either network.

This left a lot of disgruntled Apple customers flooding the internet discussion forums with complaints about their new and expensive gadget. [16]

In March 2011 Apple released an updated version of the OS, iOS 4.3, which included a number of critical security patches. Some of these closed vulnerabilities that could otherwise have been exploited to run malicious code on an iPhone or iPad.

Although the headline features were a faster web browser, better video streaming and sharing the iTunes library over Wi-Fi around the home, the most important reason to install the update was to improve the device's security.

Details of the security fixes are given in an Apple knowledge base article. They include protection against maliciously crafted TIFF image files that could be used to run arbitrary code on the device, and fixes for multiple memory-corruption issues in WebKit, which meant that visiting a booby-trapped website could lead to unauthorized code execution. [17] These are exactly the kinds of vulnerabilities that attackers and malware authors have exploited in the past, and they would provide a way to deliver code to a non-jailbroken iPhone without going through the official App Store.

There was no indication that these vulnerabilities had been exploited in the wild, but it was nevertheless prudent to defend against them by installing the update on all iOS devices, especially once details of the holes were known to the computer underground.

The biggest improvement in wireless portability for Wi-Fi-based gadgets is the addition of around 500 GB of portable storage: wireless portable hard drives are now available for the iPad and its competitors. While this is good news for the tablet community, the wireless link between the tablet and the drive becomes a new attack surface for the data exchanged over it, and it has to be secured like any other Wi-Fi network. [18]

Windows CE - Mobile OS by Microsoft:

Having ruled the laptop and PC world with its versatile closed-source Windows operating system, Microsoft also offers a mobile line, Windows CE and the Windows Mobile platform built on it, which ships on many smartphones and handhelds. HTC's Windows Mobile smartphones are the best-known examples. (Tablets such as the HP Slate 500, Samsung Sliding PC 7 and Archos 9 are often listed alongside them, but those run desktop Windows 7 rather than Windows CE.)

5.1 OTA (Over the Air) Firmware Update Architecture for Windows Mobile [19]

The following illustration shows the architecture of the OTA Firmware Update process:

Windows-based phones and tablets have far fewer users than Android or iOS devices, and the security threats they face are largely the same kinds of vulnerabilities seen in desktop Windows. Microsoft's firmware-update guidance therefore addresses three areas of concern:

5.1.1 Security Considerations on the Device: the code and features resident on a Windows Mobile powered device

Windows Mobile devices offer built-in support for security services such as authentication, message encryption, VPN and SSL. The basic levels of defence are built on security through identity (code signing and certificates) and are coordinated with the policies provided by the mobile operator. The main features are the following:

Permissions - Applications run under a two-tier permission model with "Privileged" and "Normal" levels. An application that is not signed with an appropriate certificate can be blocked by policy, or the user can be prompted before it is allowed to run.

Security Configuration - The mobile device is configured to handle permissions and signature access tiers in one of two ways.

One-tier access - A device with one-tier access focuses only on how an application should run based on whether the application is signed with a certificate in the device certificate store; there is no concern with permission restriction. All Windows Mobile powered devices can be configured to support one-tier access.

Two-tier access - A device with two-tier access restricts application start and run-time permissions. Applications signed with a certificate that the device recognizes execute with no further checks. Unsigned applications require further policy checks to determine if they can run; if allowed to run, they run with normal permissions. Windows Mobile Version 5.0 powered Smartphones and Windows Mobile 6 Standard can be configured with two-tier access.

Security Roles - These restrict access to device resources. Three roles are defined:

The Manager role has complete access to the device and its resources.

The Enterprise role allows administrative rights over certain device settings, such as setting password requirements.

The User role allows the device owner to query device information, manage files and directories, and change settings such as the home screen and sounds. In Windows Mobile 6, the owner can also manage user certificates and designated certificate stores.

Certificates and Authentication - Digital certificates play a critical role in device security and network authentication. A certificate is an electronic credential that ties the identity of the certificate owner or the device to a public/private key pair used to encrypt and digitally sign information. A signed certificate asserts that the keys actually belong to the specified application, device, organization or person and that they can be trusted. For example, in order for an application to be installed and run on the device, the application must carry a digital signature that chains to a certificate the device trusts, such as one issued under the Mobile2Market program. In the authentication case, before an SSL connection can be established with a network server, the server must present a certificate that chains to a root certificate in the device's root store; a certificate the device cannot validate means the connection should not proceed.

Security Services - Windows mobile has the following security services in their core OS.

Cryptographic Services

VPN Support

Wi-Fi Encryption

Storage Card Encryption

SSL Support
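The following Python is an added example (not Microsoft's code and not taken from the firmware-update guidance cited above) that models the install-time decision described in the Permissions, Security Configuration and Certificates paragraphs: verify the application's signature against the device certificate stores, then apply the one-tier or two-tier rules. The RSA key pairs are built from small hard-coded Mersenne primes so that it runs with the standard library alone; a real device validates X.509 chains with full-size keys. The field names (access_tiers, unsigned_policy) and the "block / prompt / allow" policy values are illustrative assumptions, and a signature from a trusted signer that fails to verify is treated as tampering and blocked outright.

```python
"""Install/run decision for a Windows Mobile style device (added example).

Toy RSA signing over SHA-256, a privileged and an unprivileged certificate
store, and the one-tier / two-tier access rules. Policy names are assumed.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

E = 65537


def toy_keypair(p: int, q: int):
    """Return (public exponent, modulus, private exponent) for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return E, n, d


def _digest(blob: bytes, n: int) -> int:
    # SHA-256 reduced mod n: the toy modulus is far smaller than 256 bits.
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def sign(blob: bytes, d: int, n: int) -> int:
    return pow(_digest(blob, n), d, n)


def verify(blob: bytes, sig: int, e: int, n: int) -> bool:
    return pow(sig, e, n) == _digest(blob, n)


@dataclass(frozen=True)
class Certificate:
    """Stand-in for an X.509 code-signing certificate: subject plus public key."""
    subject: str
    e: int
    n: int


@dataclass
class App:
    name: str
    code: bytes
    signer: Optional[Certificate] = None   # None means an unsigned application
    signature: Optional[int] = None


@dataclass
class Device:
    access_tiers: int                                     # 1 = one-tier, 2 = two-tier
    unsigned_policy: str                                  # "block", "prompt" or "allow" (assumed names)
    privileged_store: set = field(default_factory=set)    # Privileged Execution Trust Authorities
    unprivileged_store: set = field(default_factory=set)  # Unprivileged Execution Trust Authorities


def run_decision(dev: Device, app: App, user_accepts_prompt: bool = False) -> str:
    """Return "privileged", "normal" or "blocked" for app on dev."""
    if app.signer is not None and app.signature is not None:
        in_priv = app.signer in dev.privileged_store
        in_norm = app.signer in dev.unprivileged_store
        if in_priv or in_norm:
            if not verify(app.code, app.signature, app.signer.e, app.signer.n):
                return "blocked"      # trusted signer but the code changed: tampered
            if dev.access_tiers == 1:
                return "privileged"   # one-tier: any trusted signature means full rights
            return "privileged" if in_priv else "normal"
        # signer unknown to this device: fall through and treat as unsigned
    if dev.unsigned_policy == "block":
        return "blocked"
    if dev.unsigned_policy == "prompt" and not user_accepts_prompt:
        return "blocked"
    return "privileged" if dev.access_tiers == 1 else "normal"


def demo() -> dict:
    """Constructed scenarios; returns scenario name -> decision."""
    e1, n1, d1 = toy_keypair(2**61 - 1, 2**31 - 1)    # operator-level signer
    e2, n2, d2 = toy_keypair(2**89 - 1, 2**61 - 1)    # independent software vendor
    e3, n3, d3 = toy_keypair(2**107 - 1, 2**31 - 1)   # signer the device has never seen
    operator = Certificate("Operator Privileged CA", e1, n1)
    isv = Certificate("ISV Unprivileged CA", e2, n2)
    stranger = Certificate("Unknown Signer", e3, n3)

    code = b"MZ...constructed application image..."
    two_tier = Device(2, "prompt", {operator}, {isv})
    one_tier = Device(1, "allow", {operator}, set())

    priv_app = App("dialer", code, operator, sign(code, d1, n1))
    norm_app = App("game", code, isv, sign(code, d2, n2))
    tampered = App("game", code + b"\x90", isv, norm_app.signature)
    foreign = App("tool", code, stranger, sign(code, d3, n3))
    unsigned = App("script", code)

    return {
        "operator-signed on two-tier": run_decision(two_tier, priv_app),
        "isv-signed on two-tier": run_decision(two_tier, norm_app),
        "tampered on two-tier": run_decision(two_tier, tampered),
        "unknown signer, user declines": run_decision(two_tier, foreign),
        "unknown signer, user accepts": run_decision(two_tier, foreign, True),
        "unsigned on one-tier": run_decision(one_tier, unsigned),
        "operator-signed on one-tier": run_decision(one_tier, priv_app),
    }


if __name__ == "__main__":
    for scenario, decision in demo().items():
        print(f"{scenario}: {decision}")
```

The point the model makes clear is that the certificate store, not the signature by itself, decides the outcome: a valid signature from a signer the device does not trust is worth no more than no signature at all, and on a one-tier device anything the policy lets run gets full rights.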

5.1.2 Security Considerations on the Exchange Server: the ActiveSync protocol and the security policies that can be managed from Exchange Server

Here we deal with the policies an Exchange server can push to the device, and with situations that are unlikely but must still be handled, such as a lost or stolen device.

Device Wipe - This performs a hard reset of the device, wiping all data, settings and private key material. It is a drastic measure, because the wiped data cannot be recovered, but it is exactly what is wanted when a device is lost or stolen.

Lock a Device - The OS locks the device, enforces a minimum PIN or password strength, and forces the order in which passwords or PINs have to be set.

Authentication with LASS and LAP -

The Local Authentication Subsystem (LASS) allows flexible integration of Local Authentication Plug-ins (LAPs).

LASS can use third-party hardware and software, such as smart cards, biometrics or a user signature, to provide the authentication infrastructure. It can also apply event-based policies to verify the user: for example, a device lock can be triggered programmatically, not just when the device is turned on.

A LAP is an authentication mechanism that plugs into LASS. Windows Mobile 5.0 and later contains a built-in password LAP. OEMs and ISVs can build custom pluggable authentication modules.

5.1.3 Security Considerations on the Network: the features of a security-enhanced mobile messaging network, including ISA Server, Internet Information Services server, and protocols for data encryption and device authentication

Network Configuration - The default network configuration places all Exchange servers inside the corporate network, with Internet Security and Acceleration Server (ISA Server) acting as the firewall towards the Internet. All incoming traffic is filtered through the ISA web listener, so during installation it is recommended to enable SSL encryption on the designated port.

ISA Server - helps protect against most unauthenticated denial-of-service attacks, safeguarding Outlook Web Access and Exchange ActiveSync servers from attack and intrusion. It can also act as an endpoint to decrypt and inspect inbound traffic passing only legitimate traffic to the destination endpoint. This capability, known as SSL bridging, adds valuable extra protection to OWA and Exchange ActiveSync deployments. ISA Server 2006 adds a new feature that terminates the SSL connection from the mobile device at the ISA server and allows the mobile device to authenticate a client connection, using Kerberos-constrained delegation to the Exchange server. This feature helps provide extra protection because traffic is inspected at ISA Server and then passed to the Exchange server for processing.

Data Encryption with SSL - In the Windows Mobile security architecture, SSL plays an important role in shielding device communications. The default method for establishing Exchange ActiveSync connections requires SSL to encrypt the connection between the mobile device and the Exchange server. Because Exchange ActiveSync uses HTTP as its base communications method, this provides effective protection (as evidenced by the wide use of HTTPS to protect high-value commercial transactions across the Internet) while requiring only one port to be opened on the enterprise firewall. Windows Mobile fully supports ordinary HTTPS connections, both through its application programming interfaces (APIs) and in the mobile version of Internet Explorer, so that line-of-business applications and user browsing can be protected by the same mechanism as Exchange ActiveSync traffic.

In conclusion, Microsoft claims that all of the above security mechanisms against Internet threats are rolled out in its newest firmware. But even with its tiered layers of interaction and control, the platform has proved susceptible to a number of security problems, some of which freeze the device on which the OS runs.

Comparison - Android, iOS and Windows mobile operating systems

The three major operating systems now run on more than 90% of mobile devices, smartphones and tablets. With their wireless features and vulnerabilities summarized, each has encountered pitfalls of its own, and each is striving to make improvements as vulnerabilities are found.

6.1 Wireless Features Comparison

6.1.1 Android

This OS offers advanced technical features and functions and, being open source, enables the manufacture of affordable and robust devices. Statistics show that by 2013 one in six tablets or smartphones will run Android.

Android-based gadgets offer Bluetooth, GPS and Wi-Fi, along with wireless security features, which increases their popularity in the gadget world.

Broadcom® Bluetooth software is among the most prevalent in the industry, making available the broadest range of popular profiles such as Object Push, File Transfer and Phonebook Access, as well as support for Bluetooth 3.0 features including high-speed connectivity. The Broadcom software stack features Bluetooth profiles for Android that are not available elsewhere and employs the same application interface design as existing BlueZ profiles to ensure a consistent experience across Android phones for both the consumer and the application development community.

Broadcom, a member of the Open Handset Alliance, offers strong support for Android in its Wi-Fi products, with its OneDriver™ software stack among the most mature in the industry, including source code that is part of the generic Android distribution. OneDriver software, which includes Bluetooth 3.0 + HS support, is bundled with Broadcom's Wi-Fi and Bluetooth combo chip solutions, and its Android drivers reliably bring key emerging features to Android-based phones. These advanced features include:

Support for Wi-Fi Direct -- the forthcoming standard that allows smartphones and other Wi-Fi devices to connect to one another for transferring large files or for streaming digital media without the need for a wireless access point.

Support for WAPI -- the Chinese security protocol that enables OEMs to address the growing market for Internet connected handsets in China.

Support for 'Soft Access Point' - which allows the Wi-Fi component in a client device (such as a notebook computer or smartphone) to function as an access point enabling connectivity sharing with other devices.

Broadcom supports Android for its GPS receivers, including its industry leading navigation solution, full control plane and user plane protocol stacks, and tightly integrated hybrid location services that offer customers a complete location solution for handsets and other mobile devices based on Android.

As part of its Mobile World Congress demonstrations, Broadcom also showcased Android support across a range of other solutions, including:

The BCM4760 navigation processor to enable advanced personal navigation devices (PNDs) and other location-aware products.

Multi-chip Android support in a consumer multimedia tablet device based on the BCM11211 VoIP processor and leverages the BCM11181 for multimedia processing, the BCM4329 for Bluetooth and Wi-Fi, and the BCM4750 for GPS.

6.1.2 Windows CE

Windows CE provides the framework for various wireless LAN technologies that let you implement a variety of wireless networking scenarios.

The following list shows the networking technologies and standards that are used in wireless local area networks (WLANs) that Windows CE supports:

802.11 authentication

802.1x authentication

Automatic Configuration

Native 802.11

Wi-Fi Protected Access (WPA)

Extensible Authentication Protocol (EAP)

Wired Equivalent Privacy (WEP)

Wireless network adapters


A Windows CE-based device can function as a wireless client, as a wireless station (STA), and as a wireless access point (AP) in a wireless network. For more information about customizing your Windows CE-based device to function as an AP, see Customizing a Gateway.

6.1.3 iOS

The recent introduction of iOS4 has significantly improved the in-house application distribution model and made it significantly easier for IT administrators to manage in-house iPhones. But all is not perfect in the iOS enterprise management story. Apple has extended the capabilities for iOS to be managed by enterprise IT by strengthening the APIs for managing devices. The benefit of this really shouldn't be underestimated. It will permit companies such as BoxTone and Good Technologies which produce mobile management platforms to more tightly incorporate the iPhone into their existing systems. Given these systems are familiar to IT administrators, it makes the iPhone less of a corner case and more aligned with typical operations procedures.

Of most specific interest to me, I was pleased to see Apple introduce Over-the-Air application distribution with the release of iOS4. With the update, Apple has allowed an enterprise to simply and effectively distribute their applications via existing infrastructures. Enterprise IT administrators are now able to distribute their applications (and distribution profiles) via an XML manifest accessible via a URL. In more simple terms - IT administrators can send a URL to employees which directs them to a secured webpage. Once logged in, the employees are able to install the necessary profiles and the application over-the-air, without ever tethering their application.

This being said, I was somewhat disappointed to see that the Over-the-Air applications distribution still somewhat lacks a suitable traceability mechanism. Back in September of last year, I bemoaned what many perceived to be issues in Apple's "in-enterprise" application distribution model. At the time, I said I believed there were two specific problems with the in-house application distribution mechanism provided by Apple for the iPhone:

There's no means to enforce/guarantee employees install the application.

There's no control over where the application goes. Once the application and provisioning profile are [sent] out, they can be installed on any iPhone / iPod Touch. Apple warns in the same user guide "Please ensure to protect the distribution mechanism of this type of application as it can be installed on any Apple device if compromised."

The introduction of iOS4 does nothing to particularly address either of these points. The first is likely to not be a significant issue. If an employee chooses not to install a corporate application, they do so at the peril of productivity or at least corporate policy. The inability to control application installation though is somewhat more of a security risk. I'm sure in the general case an enterprise application will leverage existing security capabilities (such as VPN support in iOS or secure sign-on to corporate facilities from within the application itself). However, if an application presumes security and permits unfettered access to data then the security risk of the application getting outside the enterprise becomes substantial.

I suspect Apple has made a conscious decision to push the security mitigation to the application developers in this case - either via leveraging existing security measures as previously discussed, or via having the application developer have a "phone home" within the application reporting what device/user is accessing the corporate data. There's nothing wrong with such a solution, however it would have been more elegant to build a solution directly into the OS rather than leaving it to developers (and of course administrators to specify the requirements to developers!)

Overall, Apple has significantly improved the enterprise management capabilities of iOS. However, so long as 'corner case' security risks aren't sufficiently addressed via iOS capabilities and/or best practice guidelines, we can expect IT administrators and security pundits to continue to push Research In Motion over Apple products as the preferred solution.
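The over-the-air distribution discussed above works through an XML manifest (a property list) that the administrator hosts behind a URL and that Safari hands to the installer. As an added example, not Apple's code and not part of the quoted post, the following Python builds such a manifest, checks one for the properties an administrator would want before publishing it, and produces the link that is sent to employees. The manifest layout (items with software-package assets and software metadata) is the one Apple documents for in-house distribution; the host names and bundle identifier are made-up placeholders, and insisting on https for every URL is this example's own hardening choice (later iOS versions enforce it for the manifest).

```python
"""iOS in-house OTA distribution manifest: build, validate, link (added example)."""
import plistlib
from urllib.parse import urlencode, urlparse

REQUIRED_METADATA = ("bundle-identifier", "bundle-version", "kind", "title")


def build_manifest(ipa_url: str, bundle_id: str, version: str, title: str) -> bytes:
    """Return the XML plist an MDM or web server would host for one application."""
    manifest = {
        "items": [{
            "assets": [{"kind": "software-package", "url": ipa_url}],
            "metadata": {
                "bundle-identifier": bundle_id,
                "bundle-version": version,
                "kind": "software",
                "title": title,
            },
        }]
    }
    return plistlib.dumps(manifest)


def validate_manifest(data: bytes) -> list:
    """Return a list of problems; an empty list means the manifest is acceptable."""
    problems = []
    try:
        manifest = plistlib.loads(data)
    except Exception as exc:          # malformed XML or binary plist
        return [f"not a valid plist: {exc}"]
    items = manifest.get("items")
    if not isinstance(items, list) or not items:
        return ["manifest has no items"]
    for i, item in enumerate(items):
        assets = item.get("assets", [])
        packages = [a for a in assets if a.get("kind") == "software-package"]
        if len(packages) != 1:
            problems.append(f"item {i}: expected exactly one software-package asset")
        for asset in assets:
            url = asset.get("url", "")
            # the .ipa is what actually runs on the phone: never fetch it in clear text
            if urlparse(url).scheme != "https":
                problems.append(f"item {i}: asset url must use https: {url!r}")
        meta = item.get("metadata", {})
        for key in REQUIRED_METADATA:
            if not meta.get(key):
                problems.append(f"item {i}: metadata missing {key!r}")
        if meta.get("kind") not in (None, "software"):
            problems.append(f"item {i}: metadata kind must be 'software'")
    return problems


def install_link(manifest_url: str) -> str:
    """The link an administrator sends; Safari passes it to the installer."""
    if urlparse(manifest_url).scheme != "https":
        raise ValueError("manifest must be served over https")
    return "itms-services://?" + urlencode({"action": "download-manifest",
                                            "url": manifest_url})


if __name__ == "__main__":
    # constructed placeholders, not real hosts
    data = build_manifest("https://mdm.example.com/ipa/field.ipa",
                          "com.example.field", "1.0.3", "Field Service")
    print(validate_manifest(data) or "manifest ok")
    print(install_link("https://mdm.example.com/manifests/field.plist"))
```

Note what this check does not do: it cannot stop the manifest and .ipa from being installed on a device outside the enterprise once the URL is known, which is exactly the second concern raised in the post. Putting the manifest behind authentication on the web server, and having the application verify the user on first launch, remain the administrator's and developer's job.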