The electronics industry has experienced a number of innovations in the recent past. An implementation of such an innovation is the iPhone. IPhone is a recently developed smart phone by Apple Inc. with zeal to develop a mobile phone with a variety of features. The fact that cell phones are becoming important devices for portable information access and the need to have excellent synchronization has led to such an innovation. Key features that make iPhone unique are its top-notch design; intuitive user-interface with fancy multimedia internet based services.
Software:
To maximise the software-hardware compatibility, apple had developed its own operating system called the iOS. By a detailed study of the iOS, it can be inferred that iOS has been divided into four layers. The key concept here is that each layer communicates only with the layer above or under it. Figure ___ demonstrates the layers of iOS.
The architecture of iOS is such that, a bottom-top approach is required to understand their functionalities.
Core OS Layer:
This layer contains the kernel environment, drivers, and basic interfaces of the operating system. The iOS kernel is based on Mach and is responsible for every aspect of the operating system. The virtual memory system, threads, file system, network, and inter process communication are managed by the core OS layer. Interface between the hardware and system frameworks is provided by the drivers present in this layer. For security purposes, a limited set of frameworks and applications are allowed to access the kernel and drivers. To access a few low level features of the iOS, the core OS layer provides a set of interfaces. Generally, user applications access these features through the LibSystem library present in the core OS layer.
7
Core Services Layer:
This layer is essential for all applications because it is the base for all technologies used. The core services layer provides the framework for all applications. Some of them are explained below.
Core Foundation
CoreFoundation.framework is nothing but a set of interfaces which provide data management and service for applications used in the iPhone. These interfaces are developed in the C Programming language. Here, “Toll Free Bridging†is used between two frameworks to combine Foundation objects and Core Foundation types. This means that Core Foundation and Foundation types can be used interchangeably in the methods and functions of any one of the frameworks.
CFNetwork
The CFNetwork framework (CFNetwork.framework) is a set of high-performance, C-based interfaces that provide object-oriented abstractions for working with network protocols. These abstractions give you detailed control over the protocol stack and make it easy to use lower-level constructs such as BSD sockets. You can use this framework to simplify tasks such as communicating with FTP and HTTP servers or resolving DNS hosts.
Security
In addition to its built-in security features, iPhone OS also provides an explicit Security framework (Security.framework) that you can use to guarantee the security of the data your application manages. This framework provides interfaces for managing certificates, public and private keys, and trust policies. It supports the generation of cryptographically secure pseudo random numbers. It also supports the storage of certificates and cryptographic keys in the keychain, which is a secure repository for sensitive user data.
The CommonCrypto interfaces provide additional support for symmetric encryption, HMAC, and Digests. The Digests feature provides functions that are essentially compatible with the functionality normally found in the OpenSSL library, which is not available in iPhone OS.
XML Support
The Foundation framework provides the NSXMLParser class for retrieving elements from an XML document. Additional support for manipulating XML content is provided by the libXML2 libraries. This open source library lets you parse or write arbitrary XML data quickly and transform XML content to HTML.
SMS Security Issue:
This IPhone hack takes advantage of the way in which the iPhone handles the SMS protocol. Using this hack, Denial of Service (DOS) attack can be launched. Intercepting text messages and making the system vulnerable to malware can be done. Firstly, the IPhone is spammed with text messages. If the user deletes any one of the message, the attack fails. Otherwise, the hacker can shut down the phone, deface the text and reconfigure the phone’s keys. Important risk of this attack is that this method can be used to "infect" the iPhone with malicious code without any user action. One of the major risks of this method is that, the infected iPhone can be made to send spam messages to all the contacts and infect many phones similarly.
Solution:
It was fixed through improved error handling by the apple development team. Apple released the security patch for this issue in July 2009. However, this update has not solved the jailbreak or unlocks issue.
The figure shows the layers of an SMS Protocol.
The Short Message Lower Layer (SM-LL), the Short Message Relay Layer (SM-RL), the Short Message Transfer Layer (SM-TL), and the Short Message Application Layer (SM-AL). The Major functionality of SMS occurs in the relay and transfer layers
http://www.techotopia.com/index.php/The_iPhone_OS_Core_Services_Layer#Core_Foundation_Framework_.28CoreFoundation.framework.29
www.blackhat.com
www.wikipedia.org
http://community.ingres.com/wiki/Error_Handling_Enhancements#Examples
