An Assessment of the Vulnerabilities of the iPhone - Dissertation Example

? An Assessment of the Vulnerabilities of the iPhone Smart-Phone: Internet Security and Malicious Programs for iPhone Introduction: The Vulnerabilityanalysis and evaluation is an essential constituent of every necessary movement under the Risk Management Framework (RMF). The RMF consist of certain steps, where the each of the steps has to undergo the vulnerability analysis and assessment. The various six steps in the vulnerability analysis help in the easy identification and the evaluation of the various vulnerabilities found in the various steps where the identification is necessary. “The instant access that hackers have to the latest tools and techniques demands that companies become more aggressive in defending the security of their networks. Conducting a network vulnerability assessment, a self-induced hack attack, identifies the network components and faults in policies, and procedures that expose a company to the damage caused by malicious network intruders” (Peltier et al. 2003, para. 1). The various steps involved are the Classify the Information system. Choose Security measures. Execute safety measures Evaluate Security measures Empower Information Systems. Scrutinize Security measures “A vulnerability assessment provides follow up documentation, reports and additional consulting whenever required after the assessment process” (Penetration Testing Procedures & Methodologies 2011). Vulnerability is a characteristic or feature of a constituent that can be broken by an outside or inside agent like a hacking agent or a malware attack to break a safety policy or cause a harmful consequence on the software of the iphone. The Working of the Vulnerability Tools: “Performing vulnerability assessment is the only one step in developing a vulnerability management framework, but it is a very important step, you can perform vulnerability assessment internally or externally” (Manzuik et al. 2007, p. 4). Vulnerability evaluation methods usually toil by trying to mechanize the steps regularly engaged to use vulnerabilities: they start by the “footprint” examination to establish about the software services. Concern ought to be taken when successively using the code adjacent to the various operational targets, as the destructive consequences may occur. “The vulnerability assessment process involves passive and active analysis of the target systems for the known weakness, technical flaws or vulnerabilities. All of the discovered security issues will be services; the next step is to test for the known vulnerabilities that might exist on a host or network. (Rodstein 2007, p. 251). Vulnerability review tools merge both passive and active scanning; the passive scan is worn to determine the vulnerabilities that the objective is a good number likely to contain, and the active scanning is used to confirm that those vulnerabilities are, in fact, both there in the current situation and uncovered as well as utilizable. influential that vulnerabilities are utilizable increase the accurateness of the evaluation device by eradicating the artificial positives, i.e., the occasion in which the scanner detect a prototype or characteristic investigative of a probable vulnerability that which, on analysis, establish to be either (1) absent (2) not uncovered, or (3) not utilizable. It is the grouping of passive and active scanning, jointly with amplified computerization that has provided programmed penetration trying suite more extensively helpful in vulnerability evaluation. “As no commonly agreed rule exists for worm and virus naming, W32.Blaster.A (Symantec) is also known as W32/Lovesan.worm.a (McAfee), Win32.Poza.A (CA), Lovesan (F-Secure), WORM_MSBLAST.A (Trend), W32/Blaster-A (Sophos), W32/Blaster (Panda)or Worm.Win32.Lovesan (KAV). Besides the A version of Blaster, many more variants were developed based on the same exploit code” (Julisch & Kruegel 2005, p. 106). According to the researchers who are responsible for the security, very recently have establish that they have established the primary usable vulnerability in Apple Inc.'s iPhone, a error that permit them to take any data from the tool or even to revolve it into a distant observation tool. “Often times, some members of an organization require proof that a system is actually vulnerable to certain attack” (Whitman & Mattord 2005). According to the opinion of the researchers they embedded out vulnerability in the iPhone's description of Safari using "fuzzing" apparatus and presented various concepts that can use that can be convey from a malevolent Web site or by means of "man in the middle" strategy to lock in users interested in linking to an affected wireless access point. “A SQL injection attack may be your biggest threat today, but tomorrow it might be spread of malware through iphone applications, similarly the sensitivity of resources are likely to change over time” (Wheeler 2011, p. 1). The researchers declared that a subsequent develop really activated the iPhone distantly on one occasion the device was hijacked. When the second HTML page of the iPhone, was viewed it was found that the following developed consignment which required the iPhone to formulate a system sound and pulse for a second. Consequently by via other API purpose revealed, the utilization could have dialed phone numbers, send SMS or tapped audio as a debugging device and broadcast it above the network for later compilation by a malevolent party. “Sometimes it is necessary that as in case with the iphone Bluetooth browser interface, just to see by target device. Other times we can manipulate the identity information such as the friendly name to exploit the vulnerable Bluetooth devices” (Cache et al. 2010, p. 1). The vulnerability was detailed as it was projected a fix that can comprise in a prospect iPhone inform, according to the researchers they are ignorant about the various operations that are being planned about the various strategies incorporated. “If the source of the damaging instructions is an individual who intended that the abnormal behavior occur, we call the instructions malicious code, or a programmed threat, some people term as malware” (Garfinkel et al. 2003, p. 735). Internet Security and Malicious Program for iPhone:  If a person who is a user of an iphone and security related issues are absent, the user is at a highest risk at risk of including a network mail account hack; at danger of an online identity stolen; and at risk of trailing precious individual information, such as wireless examine account data, that might effect in financial losses, amongst other disasters. When it moves toward to mobile strategy, protection tops the catalog of IT security managers' concern. Even the iPhone is used firmly for play, it lead to make sure that the correct checking of the e-mail, surfing the Website through the Wi-Fi and admittance of diverse contented and services in the safest likely ways. The various steps can be followed in order to save the iPhone from he damage and control. “Virus hoaxes frequently claim that the touted harmful program destroys hardware and still mostly false, but the W95.CIH virus can make it so that the mother board replacement is needed to replace the damage” (Grimes 2001, p. 442). Enable Auto-Lock: One of the majority essential iPhone safety functions is the Auto-Lock characteristic, which tresses the device's touch screen subsequent to not being employed for a predetermined time epoch. Consumer can decide to position the iPhones to lock following not being used for certain minutes. Auto-Lock can as well be put out of action in total. Enable Pass Code Lock: The iPhone Auto-Lock disable the device's display after a predetermined time phase of non-use, but the Pass code Lock characteristic takes that a footstep extra. Whenever the device's display locks, whether due to Auto-Lock or as the hit the iPhone Sleep button--found on the pinnacle right of the device--Pass code Lock need a four-digit code to be penetrate previous to the tool can be engaged again. “They may provide much security as that our do not feel a remote wipe is required, at least it can buy you sometime, preventing access to your data while you decide what to do” (Landau 2009, p. 1). Use Wi-Fi Safely on the iPhone: One of the iPhone's most expensive features is its Wi-Fi sustain, which allow to join to speedy wireless networks for quicker Web browsing and improved data exposure in spots where cellular coverage is fewer than astral. However, occupying Wi-Fi networks with no winning the proper security defense can depart your device--and everything on it--open to devious hackers. “This item in settings opens the WIFI network screen; there are much useful controls, which provides much life for each of the battery charge” (Pogue 2010, p. 368). Securely Access Corporate, Web Mail: As a corporate iPhone customer, the most protected method to contact the mail, at smallest amount your commerce mail, is mainly via various exchange servers, presumptuous the association uses exchange. The various users can also definitely attain their business letters via iPhone convey thanks to the fresh introduction of mail. However, the procedure is not constantly secure--especially if you're not conscious of how to make definite that security guard is making possible, where available. “It enables the various type of the information to be exchanged across disparate systems is an easier and better manner, this becomes a standard way to describe structured data irrespective of whether the data belong to spread sheets” (Guruge 2003, p. 25). Browse the Web via Safari: This is a similar one like browsing on the Website via laptop or desktop computers, finding the way the Internet via iPhone is widespread with safety risks. Proactively making the use of the iPhone browser safety setting could potentially signify the dissimilarity connecting a fully-functioning machine and an infected tool delivered as ineffective by malware. The iPhone Safari browser safety setting are basic--and the majority is twisted on by default--but it doesn't injure to make certain that the iPhone Safari safety settings are in order. Set Device Usage Restrictions: Although the iPhone has prepared some important gain in fresh days on the way to become an appropriate business smart phone, its aspire user is at relax the consumer. And consumers approach in all shapes, sizes and ages. IT administrators with modest iPhone user have the aptitude to set iPhone limitations to, say, chunk clear content from individual exposed on the iPhone's music or video player. It is also capable of blocking admission to You Tube and end third-party application from being established. A malevolent Trojan masked as an iPhone appliance has donated to an eightfold increase in the amount of mails send with malicious addition over the precedent quarter, according to security firm Sophos. The increase in malicious email attachment requirements to be seen in context. Over the past few years, the figure of malicious attachments sent has turn down considerably in favour of relations to malicious websites – frequently spoofed version of lawful sites such as You Tube that assault unpatched browser vulnerabilities or deception user into install malware.   Injecting Worms and Viruses:  In computer safety and daily language, a hacker is an important person who breaks into computers and computer network. Hackers may be provoked by a massive amount of reasons, with profit, protest, or because of the confront. The subculture that has develop approximately hackers is often measured as the computer alternative but it is now an unlock field. “The worm exploited two vulnerabilities, even though the first alternative is to be considered more as a desired functionality” (Filiol 2005, p. 262). One of the most familiar Internet risks of vulnerability is Malware, which contribute to viruses and the worms, in general objectionable software. The reason of such software is to cause interruption moreover by deleting files, distribution mails, or interpretation the host system is permanent. “The National Institute of Standards and Technology (NIST) have defined the following: Exploiting security vulnerabilities by injecting worms and viruses is another form of malware-based phising, this type of attack spread through software engineering” (Ethical Hacking & Countermeasures Threats & Defense Mechanisms 2010, p. 1). Introduction to Smart Phones: Smart phones are used worldwide today. Within all Smartphone, iPhones are the most commonly used smart phone. There are many applications like location detection using maps, social networking, media (both video and music) players, games, trip advisor, online news headlines, online videos and many other applications. A recent study conducted revealed that today more than half of the total population worldwide use Smartphone, which is even considerably when compared with the usual mobile users. The smart phone users use their phones for various purposes like business purposes, online video chatting, and other social networking purposes. The usage of Smartphone have been used to such an extent that it will soon outnumber the number of computers. The major traits of Smartphone’s include portability, applications, and web connections. They also detect wireless commutations like Bluetooth, WI-Fi. Also they can exchange their data and knowledge by keeping it in hands, which enables them to travel with their office in their pockets. Even with all these improvements they have a rear area. Do we need an antivirus for the iPhone? The Smartphone’s security is much weak considering usual computer. Smart phones are likely to download malicious agents in to the phone which can even transfer our local details including passwords of emails into the hands of hackers and making users unable to operate them. In this age handheld devices like android mobiles are difficult to analyze, Such that they can be scanned to see the vulnerabilities. This is mainly because it has become somewhat similar to the actual computer in our living room that has large storage, speed, display, and power. Therefore examining lazily may lead to loss of data. Memory cards are the additional memory devices used to store data in mobile. Vulnerabilities of the iPhone, Smart-Phone: Most websites and news aren’t well aware of these infections. These are mainly because of they are not ever well detected by any of the detecting mechanisms. Whenever a user visits any malicious websites with iPhone browser causes the hacker file to execute in the phone. They exploit the phone SMS list, caller list and other user login id and passwords. These are done by generating some codes. These codes can even sent messages to some paid site which automatically takes money from the mobile. The user usually don’t use any pass code for its login, even if they have one they are not encrypted, which allows others to bypass them easily. There a user can view as many web application in the web sites. They offer many things for the user. They are cheap for the companies to give out their applications to their clients. Many companies have adopted web applications in their web sites, Google applications and Saleforce.com are examples. They help in easy distribution to various users at the same time. There comes the threat when viruses are attached with those applications. People unknowingly browse from mobile phone to these sites and download such applications and have threats on their phones. The weak firewall system of the mobile phones usually doesn’t detect these malwares and allow flow of data outside the system. The viruses make use of the system data which makes more defenseless. They yield our personal usernames/passwords, banking, and other confidential information. Some of them self replicate which makes them worse: This form of threats happen whenever the file is executed, and form threat to other data. These attacks mainly happen due to the gap between linkage of application developers and security. Security professionals would rather deny the fact that how the company’s application is going to work and the developer’s would deny the case of security offerings by the web site. Web worms are common today. It can get circulate from one peer to another. They can run on any surface. The viruses play their role by simply sending requests to the mobile which then executes a code there; it can otherwise inject code into the stored area. This can make the user view the cache them, which is known as cache poisoning. The purpose of the section is to give a clear view on vulnerability of external threats to apple phones. These threats are found in various databases freeware as well as in open source software. Developing a Vulnerability Assessment Tool: There are 6 steps for vulnerability assessment and its management. They are categorizing information from the environment of systems, analyze and manage its present security, review its security control, register the information systems and then check its working. The vulnerability assessment tools are mainly used for detecting and identifying vulnerabilities in the components. “Vulnerability is an attribute or characteristic of a component that can be exploited by either an external or internal agent (hacker or malicious insider) to violate a security policy of (narrow definition) or cause a deleterious result in (broad definition) either the component itself, and/or the system or infrastructure of which it is a part” (Vulnerability Assessment 2011, p. 6). Vulnerability generating objects includes the following: Viruses, worms, and Trojans are distinct by the system they multiply. Virus, according them is the self replicable problem where the various programs get affected by the same; they spread and alter the other programs.  Trojan horse: According to them they are non-self-replicating program that appear to have a functional purpose, but in actuality has a diverse, malicious function.  Worm: It is much important and the major one in comparing the other two, they are the ones where they affect the networking system as a whole and then spread to the entire network. A virus runs when the user commence an affected curriculum from a virus disk. Viruses stay a short profile, so as to extend extensively without being detect. Most of the time, the virus convention simply infect new programs or disks. Worms are equivalent to virus; they copy the affected virus to an additional computer and then launch that copy. In 1988 the Morris worm, proposed as an    easy proof of concept, caused severe damage to the growing Internet. “Other malicious programs take their names from what they do. Spyware, not surprisingly, refers to software that spies on your computer and steals your passwords or other personal information. Adware pops up unwanted advertisements, possibly targeted to your interests by using information stolen by a spy ware component” (Rubenking 2011). Rootkit is a viral program that directly pertain the operating system. They hide the malicious program from the Windows firewall. It is also capable of removing its files from threat list and performs hiding at the registry. The Bot is another infestation. “The term bot is short is for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the internet, without you knowing it” (What is a Botnet? 2011). These Bot can infect a large number of computers which are further called as botnet. Criminals can use these Botnets for sending spam massages, spreading viruses and commit other fraudulent activities like computer hack, thereby helping them. Dropper programs are those malicious programs used to aid other malwares. They are initially undamaging programs but they can channel other malware into the computer. They take their orders from their owners, in setting the malware into the computer. “Ransomware is a type of malicious computer software that threatens the user to take some destructive or harmful actions” (Ransomware: What is Ransomware 2001). These programs encrypt the data, and demand payment for decryption. They are not seen very common as the ransomware owner should be there to accept the payment These vulnerabilities can disclose confidential information including privacy breach, susceptible code generation causing harm to the system, defiance of services is examples. The tools used for this purpose is called vulnerability scanners, as they scan the system for the threats and save them from further damage. How the Tools Work: “Vulnerability assessment tools generally work by attempting to automate the steps often employed to exploit vulnerabilities: they begin by performing a “footprint” analysis to determine what network services and/or software programs (including versions and patch levels) run on the target” (Information Assurance Tools Report 2011, p. 11). Then the results are checked for the unusual behavior of any of the software. Then appropriate actions are taken by either the tool itself or else it is left to the user’s command. Passive scanners are those which can only scan a target, but will not taken any action against it, while active scanners are those which can scan the target and also take required action against it. “Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets” (Active Scan 2011, para. 1). It is confirmed that active scanning can only scan certain possible threats. For further detailed, scanning manual involvement will be required. “Active scanning attempts to find potential vulnerabilities by using known attacks against the selected targets” (Blog 2011, para. 2). Basic Standards to be Taken Care of: The project that is to be proposed here should be active that can perform scanning as well as analysis and checking. It should even check web applications. The tool can scrutinize the mobile’s initial components as default, store it as well. This enables it to refer for healthy application download. So that, it can well being. As main the tool can identify sensitive data. It should contain password assess to communicate for transferring data using Bluetooth and FTP. Plug-ins can be used for online web scanning and detecting threats. It should be physically transferable to other networks. It should be randomly updated with every new release of scanner tool. XCODE: There are different tools used to develop iPhone apps. One of them is the Xcode. “Xcode is the complete toolset for building Mac OS X and iOS applications — and with Xcode 4, the tools have been redesigned to be faster, easier to use, and more helpful than ever before. The Xcode IDE understands your project’s every detail, identifies mistakes in both syntax and logic, and will even fix your code for you. Quite simply, Xcode 4 will help you write better code” (Developer Tools: What’s New in Xcode 4 2011, para. 1). Xcode is software just like visual studio, .NET or ECLIPSE which is created by and for apple. (IOS: Xcode n.d.). (Developer Tools: What’s New in Xcode 4 2011, para. 3). First of all we have to create a virus definition database, and the scanners should read and identify the viruses if one is present. This virus definition should consult with its server at least 10 times a day for newer updates. There is need for communication with the tool. This can be done by extending a socket. A potential hazard can come any of the following things Internet download Mail attachments Sharing During file transfer Therefore the scanner can check for these items. Using Xcode: At first open Xcode and go to the file and click on new project and chose which type of application you need to build, by selecting the type of template. The main improvement utility in Interface Builder, in Xcode is that, it has a drag and drop interface design. “Inside Interface Builder you can develop the complete look and feel for your app without writing a single line of code” (Prochnow 2009). This is the skeleton of the application to be developed. The next phase is coding. Coding is said to be the blood and nerve of the same. Usually we have to write it with very tight coding. Just write it, it will run. The testing is done with the xcode which is an iPhone simulator. Build and go is the command given for running it. This automatically opens the iphone simulator and compile there. These does not guarantee the correct working of the application in iPhones, for this either the application has to be directly put in to the iPhone which is very risky or else the user has to code sign in into Apple’s web page for running the Apps there. “While Apple assures us that this type of "direct" coding is unnecessary, I found that it is almost always necessary: rather than rely on your bundle ID from the info.plist, insert your actual app ID from the iPhone Program Portal into the bundle ID field of the info.plist. Code-sign your app under the "Any iPhone OS Device" key of the "Build" list from your Target's "Get Info" button. AND code-sign your app in the same Target info location with the "Code Signing Identity" key (located right above the "Any iPhone OS Device" key). Select Build -- NOT Build and Go -- from the Build menu” (Prochnow 2009). After the testing the final tuning can be made by using Xcode. Here we need tab bar application. Now save it as any you need. Let it be antivirus. Then we get a sequence of groups and files, with a text editor on the right bottom. This is the place used to modify the default content of the software. By clicking on to main window xib a new window opens which is the thing to modify the user interface of the antivirus software. The Interface builder mainly consists of three windows namely: Tab bar controller Library View attributes (Skylar 2009). The main window that we use is, the Library for building the user interface. The required window can made to look impressive. Different attributes can be added to it, with respect to its function. Then save the whole project. The user interface should be designed to such that it should will scan all data in the phone and report the details in another view. This can be done explicitly by Xcode. Many a languages can be used in coding and designing the later part of “what the program should do?” it includes Objective-C, C++ and C. The coding in Xcode will somewhat look as: (Haskell Xcode Plugin (beta) 2007). CODING IN OBJECTIVE C Objective C is an object oriented programming. Objective C is easier to code, as they are very much similar to ANSI C language. Objective c is designed in such a way that it can deliver high performance object orientation with C. Objective C, as other OOP environment consists of The OOP language A dictionary of objects Development tools Runtime environment. Here is a program in objective C for greeting “Hello, World”. /* Comments: ** Example written by Pascal Bourguignon ** added #include "Greeter.h" after splitting hello.m by Dennis Leeuw */ #include #include "Greeter.h" @implementation Greeter - (void)greet { printf("Hello, World!\n"); } Classes: Objects are the basic constructs of objective c. “An object is a runtime instance of a class, and contains its own in-memory copy of the instance variables declared by that class and pointers to the methods of the class” (Learning Objective-C: A Primer 2010). The example show a class declared with name as My Class. Most of the class declaration begins with the @interface compiler directive which ends with @end directive. The whole instance and methods to be run is written in between “ivars” ({and}). Each of the instance and method lines are ended by using semicolon. Methods and Messaging: There are two types of methods, they are instance and class methods. A class in Objective-C can declare two types of methods: instance methods and class methods. An instance method is a method whose execution is scoped to a particular instance of the class. In other words, before you call an instance method, you must first create an instance of the class. Class methods, by comparison, do not require you to create an instance, but more on that later. The declaration of a method is shown as in the following figure. It includes an identifier, a return type, the keywords, parameter name and their type The minus sign represents it as an instance method. Messaging is a method by which a call is executed to call some other function or procedure. It is done by sending parameter information. Messages can be viewed for the reader’s use. It can be shown inside brackets on the right side. Nesting messages is a function of Objective c to avoid declaring variables for storing temporary results. Objective c introduces an invoking dot syntax method known as accessor methods, which determine the state for an object. It can be shown as in the example. [myAppObject.theArray insertObject:[myAppObject objectToInsert] atIndex:0]; The messages can be sent to the class itself rather than sending to the instance. For this, the method should be declared as a class method, than specifying it as instance method. Class methods are used in the normal cases for accessing shared information between different classes. The syntax of class method is to use plus sign before the identifier. The following show a class implementation called Myclass @implementation MyClass - (id)initWithString:(NSString *)aName { self = [super init]; if (self) { name = [aName copy]; } return self; } + (MyClass *)createMyClassWithString: (NSString *)aName { return [[[self alloc] initWithString:aName] autorelease]; } @end Declared Properties Declaration is used for method declaration as well as their property declaration. The user could organize their property according to their wish. Also it is an implement to the Accessor method. The example gives few declarations. @property BOOL flag; @property (copy) NSString *nameObject; // Copy the object during assignment. @property (readonly) UIView *rootView; // Declare only a getter method. Each readable property specifies a method with the same name as the property. Each writable property specifies an additional method of the form setPropertyName:, where the first letter of the property name is capitalized. @synthesize is another compiler directive used to create methods according to their wish. @synthesize flag; @synthesize nameObject; @synthesize rootView; Strings: Objective c can b considered as a superset of c, which enables it to use same set of variables and strings as c. the characters are denoted using single quotes and that of strings by double quotes. Objective c strings are created by passing strings around NSString objects. NSString class is a class that can create a class and the other featutures are memry management, supporting Unicode, printf utilities. The short used for the NSString is @ symbol in objective c. Given is an example creating astring. NSString *myString = @"My String\n"; NSString *anotherString = [NSString stringWithFormat:@"%d %@", 1, @"String"]; // Create an Objective-C string from a C string NSString *fromCString = [NSString stringWithCString:"A C string" encoding:NSASCIIStringEncoding]; Protocols: Protocols are methods designed by Objective C developer and obeyed by the class. “Protocols are a way of enforcing certain methods to be utilized, regardless of the actual class the object is part of, thus ensuring that a certain form of method template is implemented. Basically, a way of declaring an interface to an object while concealing its class. This is why we write a protocol in a similar way to how we would write an interface declaration” (Katz 2011). The protocol declaration is similar to class declaration. The example given below gives the details. @protocol MyProtocol - (void)myProtocolMethod; @end This is a short objective C program, in the end how the required program will somewhat looks like. /* Point.h */ #import @interface Point : Object {@private double x; double y;} - (id) x: (double) x_val y: (double) y_val; - (id) x: (double) x_value; - (double) x; - (id) y: (double) y_value; - (double) y; - (double) magnitude; @end /* end Point.h */ /* Point.m */ #import "Point.h" #import "math.h" @implementation Point - (id) x: (double) x_val y: (double) y_val {x = x_val; y = y_val;} - (id) x: (double) x_value {x = x_value;} - (double) x {return x;} - (id) y: (double) y_value {y = y_value; return self;} - (double) y {return y;} - (double) magnitude {return sqrt(x*x+y*y);} @end /* end Point.m */ /* pointTest.m */ #import "Point.h" #include int main(void) {Point* p = [Point new]; [p x: 3]; [p y: 5]; printf("%f %f\n", [p x], [p y]); return 0; } /* end pointTest.m */ A simple antivirus source code is depicted here which is in C language. /* Routine to check Ram for virus */ RAM_Test() { unsigned int vseg,voff; void interrupt(*v)(void); printf("\n\n RAM checking____"); v=getvect(109); voff=FP_OFF(v); if(vseg!=0x0 && voff=0x0) { printf("virus detected :-"); putch(7);return(1); } else printf("ok\n\n"); putch(7);putch(7);return(0); } } /*end of routine ram test*/ /*Routine to clean diskette*/ clean_Disk(next) char next; { clean_Boot_sector(next); clean_Data_Area(); change_Label(); } /* end of routine clean disk*/ clean_Boot_sector(next_disk) char next_disk; { int ans,i,True; static void *buf[512]; char virus[6],ashar[]="ashar",brain[]="Brain"; if(next_disk=='F') True=1; else True=0; while(True) { printf("\ninsert dos diskettein drive A____WAITING\n"); ans=getch(); ans=absread(0,1,0,buf); virus=ashar; ans=chkboot(buf,&virus); virus=brain; ans=ans&&chkboot(buf,&virus); if(!ans) { printf("\nBoot sector infected with virus\n") ; } else break; } printf("\n insert infected disk in drive A_________ waiting\n\n\n"); ans=getch(); ans=abswrite(0,1,0,buf); if(ans) printf("\n unable to clean disk\n"); } /*end of routine clean boot record*/ /*subroutine to check virus*/ /*boot routine*/ chkboot(str,name) char str[512],name[6]; { int i,k; for(i=0,k=0;i8; b1=dmp_sav&0x00ff; fatbuf[fat_off]=b1; fatbuf[fat_off+1]=b2; } } if(j) { abswrite(0,2,1,fatbuf); printf("disk cleaned \n\n"); } } /*End of routine clean_data_Area*/ /*routine to change volume label */ To convert it into Objective C, just write the code in Xcode and click the button convert it into Objective C. change_Label() { unsigned char buf[512],volb1[11]; int i,llen,lblpos,sno=5; struct ffblk blk; i=findfirst("*.*",&blk,0x08); if(!i) { absread(0,1,sno,buf); lblpos=findlbl(buf); while(!lblpos){ sno++;absread(0,1,sno,buf); lblpos=lblpos-0x0b; for(i=0;i [Accessed 16 Oct. 2011]. Information Assurance Tools Report. 2011. 6th Edn. Scribd.com. Available at [Accessed 16 Oct. 2011]. IOS: Xcode. n.d. Tiny4Cocoa. Available at < http://tiny4cocoa.com/doc/xcode-doc/ios-technology-overview/ios-developer-tools> [Accessed 19 Oct. 2011]. Julisch, K. & Kruegel, C. 2005. Detection of Intrusions and Malware, and Vulnerability Assessment. Springer. Available at < http://books.google.co.in/books?id=GEWlu8xUetUC&pg=PA105&dq=passive+vulnerability+assessment+steps&hl=en&ei=9naYTpvqNpHorQeLndiSBA&sa=X&oi=book_result&ct=result&resnum=7&ved=0CFAQ6AEwBg#v=onepage&q&f=false> [Accessed 16 Oct. 2011]. Katz, D. 2011. Protocol. O’Reilly Answers. Available at < http://answers.oreilly.com/topic/1774-how-to-use-protocols-in-objective-c/> [Accessed 19 Oct. 2011]. Landau, T. 2009. Take Control of iPhoneOS3. TidBITS Publishing Inc. Available at < http://books.google.co.in/books?id=U1GKKan8Tz0C&pg=PT99&dq=Enable+Passcode+Lock&hl=en&ei=UIOYTrHiJMW3rAf9w-CFBA&sa=X&oi=book_result&ct=result&resnum=1&ved=0CDUQ6AEwAA#v=onepage&q=Enable%20Passcode%20Lock&f=false> [Accessed 16 Oct. 2011]. Learning Objective-C: A Primer. 2009. Apple, Inc. Available at < http://developer.apple.com/library/mac/#referencelibrary/GettingStarted/Learning_Objective-C_A_Primer/_index.html> [Accessed 19 Oct. 2011]. Manzuik et al. 2007. Network Security Assessment: From Vulnerability to Patch. Syngress Publishing, Inc. Available at [Accessed 16 Oct. 2011]. Penetration Testing Procedures & Methodologies. 2011. Course Technology. Cengage Learning. Available at [Accessed 16 Oct. 2011]. Peltier et al. 2003. Managing a Network Vulnerability Assessment. Google. Available at [Accessed 16 Oct. 2011]. Pogue, D. 2010. IPhone: The Missing Manual. 4th Edn. O’Reilly Media, Inc. Available at [Accessed 16 Oct. 2011]. Prochnow, D. 2009. How to Make an iPhone App: Part Two. Popular Science. Available at < http://www.popsci.com/diy/article/2009-03/how-make-iphone-app-part-two?page=1> [Accessed 19 Oct. 2011]. Ransomware: What is Ransomware. 2001. 2-Spyware.com. Available at < http://www.2-spyware.com/ransomware-removal> [Accessed 16 Oct. 2011]. Rodstein, R. 2007. Securing Microsoft Terminal Services. 1st Edn. DABCC. Available at < http://books.google.co.in/books?id=R_3GsIC4zPgC&pg=PA251&dq=passive+vulnerability+assessment+steps&hl=en&ei=9naYTpvqNpHorQeLndiSBA&sa=X&oi=book_result&ct=result&resnum=5&ved=0CEgQ6AEwBA#v=onepage&q&f=false> [Accessed 16 Oct. 2011]. Rubenking, NJ. 2011. Viruses, Spyware, and Malware: What’s the Difference? PCMAG.com. Available at < http://www.pcmag.com/article2/0,2817,2379663,00.asp> [Accessed 16 Oct. 2011]. Skylar. 2009. Getting to Know Xcode/Interface Builder: Parts 1 & 11UITabBar Projects. Skyblog. Available at < http://www.skylarcantu.com/blog/2009/08/10/getting-to-know-xcodeinterface-buider-parts-i-ii-uitabbar-projects/> [Accessed 19 Oct. 2011]. Vulnerability Assessment. 2011. 6th Edn. IATAC. Available at [Accessed 16 Oct. 2011]. What is a Botnet? 2011. Safety & Security Center. Available at < http://www.microsoft.com/security/resources/botnet-whatis.aspx> [Accessed 16 Oct. 2011]. Whitman, ME. & Mattord, HJ. 2011. Principles of Information Security. Cengage Learning, Inc. Available at < http://books.google.co.in/books?id=L3LtJAxcsmMC&pg=PA336&dq=passive+vulnerability+assessment+steps&hl=en&ei=9naYTpvqNpHorQeLndiSBA&sa=X&oi=book_result&ct=result&resnum=8&ved=0CFYQ6AEwBw#v=onepage&q&f=false> [Accessed 16 Oct. 2011]. Wheeler, E. 2011. Security Risk Management: Building an Information Security Risk Management Program from the Ground UP. Elsevier, Inc. Available at < http://books.google.co.in/books?id=cW1ytnWjObYC&pg=PA43&dq=vulnerability+assessment+in+iphone&hl=en&ei=PHyYTtjfF8rVrQftpuChBA&sa=X&oi=book_result&ct=result&resnum=2&sqi=2&ved=0CDkQ6AEwAQ#v=onepage&q=vulnerability%20assessment%20in%20iphone&f=false> [Accessed 16 Oct. 2011]. i checked the paper and i think it better than the first one. what i dont understand is that, is this a proposed project meant for further development or its a complete project with solution to the problem? and the xcode code there is just example not the actual intrusion detection system/firewall code? Read More