In this module, you learned about mobile operating systems and foundational concepts around desktop security. For your initial post, you will discuss your understanding of these concepts. You will also reflect on your overall learning experience in this course.
In your initial post, address the following:
- Write a brief reflection on the course concepts and what you've learned this term. Note anything that you found surprising, and the most interesting thing you learned in this course. Consider the following:
- What concepts were the most intriguing or memorable?
- What concepts directly apply to your life now or your future?
- Why might these concepts be important to remember in future courses?
- Then answer the following questions pertaining to mobile OSes and security:
- What are two recent mobile phone OSes and their hardware requirements?
- What are some of their known vulnerabilities? How would you approach each vulnerability based on the OS of the mobile device?
- Based on the mobile phone device, would the Android, Apple, or Microsoft OS be more at risk than others? Why or why not?
In response to two of your peers:
- Discuss similarities, connections, or differing opinions on what you and your peers learned in this course.
- Then address the following questions to build on the discussion around mobile OSes and security:
- Have you had any experiences troubleshooting any mobile devices, whether on your own mobile device or for a friend, family member, or colleague?
- If so, what was the issue and what did you do?
- If not, what are some issues that you may encounter and what would you do to troubleshoot those issues?
- Have you ever experienced malware on a mobile device?
- If so, what happened and what did you do to resolve it?
- If not, what would you do to remove the malware?
- Have you had any experiences troubleshooting any mobile devices, whether on your own mobile device or for a friend, family member, or colleague?
RESPONSE 1
One of the most interesting topics I believe to be the especially noteworthy would be the many usages of virtualization. Virtualization was initially meant to be used to teach people how to manage various types of Operating Systems within a limited hardware environment. However, over time virtualization shifted use from solely an educational tool to being utilized in enterprise network environments. Initially, I was not aware of this fact concerning the history of virtualization technology.
The more that I have learned about the myriad uses of virtualization, the more intrigued I become and wish to expand upon my current working knowledge of virtualization. Before learning of this fact about virtualization, I developed hybrid networks using vSphere and hosted the virtualized instances on a physical server. Oftentimes, I would experiment with certain configurations so that I could prepare for future classes. This practice led me to discover some issues with Linux FireWalls not including a specific port to allow my network traffic to flow outside the network to external web servers.
Another concept that I was reminded of when developing several projects not just for this class, but for another class was end of life for Operating Systems. OSes are constantly being improved upon to cover security vulnerabilities and it is inevitable that an operating system such as Windows 10 will meet the End of Life cycle soon. Upon realizing that concept, I realized that many organizations will likely begin to start deploying new Windows 11 machines throughout their networks very soon in 2025. This does not necessarily mean that Windows 10 is the only OS facing an end-of-life cycle soon. Windows Server 2012 and Windows Server 2012 R2 are nearing the end of life support as well in 2026.
These operating systems are still used by a large number of organizations and even though they could have obtained extended use support for Windows Server 2012 R2, that would only be a temporary solution. In other words, organizations will need to take a better stance on futureproofing and providing improved update support for the OSes within their networks. It is important to understand that since OSes will reach end-of-life, this will mean that the OSes will no longer receive support. Therefore, these OSes will become more vulnerable to malware, lose bug fixes and patches, and will be regarded as a security risk within a computer network. Academically and through work it will be important to align these concepts with the current IT trends.
The latest version of Android (Android 14) was released on October 4, 2023. Recently, the OS was updated on June 1st after an initial update several days prior introduced a GUI issue concerning recommended apps were located too close to the bottom of the screen. I made note of this issue right away when it occurred and realized that it was likely to be patched since it was a graphical interface issue that could be easily addressed. Moving on, the Android 14 mobile OS system requirements are the processor needing to have a GeekBench 5 SQLite score of 300 or higher. The memory requirement is at least 6GB RAM and at least 4GB of non-volatile storage. However, the recommended storage is 8GB for Android 14. One of the most severe vulnerabilities that Android 14 has is that threat actors could allow them to escalate their privileges on vulnerable devices.
This could lead to the theft of private information. Additionally, the Android 14 OS is not nearly as secure as iOS 17 which only allows the installation of applications from a trusted source. The hardware requirements for iOS 17 include the iPhones device being physically installed with at least an A12 Bionic SoC (System on a Chip), requiring at least 11GB of storage, and at least 3GB RAM (recommended is 4GB). Despite the robust security that the iOS mobile OS has, it is not without vulnerabilities. A notable example would be the zero-day vulnerability CVE-2024-23225, which is a memory corruption issue in the Kernal that could allow threat actors to bypass Kernal memory protections. Another example of a memory corruption vulnerability is also a zero-day vulnerability, CVE-2024-23296 which could also allow attackers to bypass Kernal memory protections. Both examples would allow for an attacker to infiltrate the iOS 17 device and perhaps even corrode the device's memory following the attack.
Despite these two vulnerabilities concerning iOS 17 and my personal preferences, I would state that Android 14 would be at the most at risk. Android 14 is more vulnerable to remote executables from unknown installation sources. The app store is only a single method by which Android 14 device users can install applications. However, there are other sources including online sources that present Android Package (apk) files as safe but may instead utilized to steal confidential information from users. I use several applications that I have installed from trusted online sources for my personal use using apk files. However, I would state that if I had not thoroughly investigated the application and the developer first, I would never have installed the applications on my phone. GNU public license applications that are usually installed as apk file format applications would likely never be installed on iOS 17 devices. It would be too much of a security vulnerability for the device.
RESPONSE 2
I think the section of the course dealing with virtualization and operating systems is going to be the most memorable portion of this course. I also think that the discussion about the virtualization and the Project One Milestone will be the most important portion of the course. The reason I feel this way can be categorized in two ways. First, I believe that virtualization will become more universal in a lot of different industries so understanding how it is utilized and why will become even more important as time moves forward. Second, becoming accustomed to thinking in a project management mindset and how virtualization can be used to conduct a site survey and a needs assessment for an organization will be able to help showcase your analytical thinking to perspective employers.
I have been a user of Android phones for a long time, I’ve never bought an Apple device. The only reason I currently use an Apple device at all is because my work phone is an Apple device. The two main Operating Systems for mobile phones are Android OS and iOS, these two operating systems account for the vast majority of mobile phones that are sold.
Android 14.0 Hardware Requirements:
4gb of RAM Minimum
64-bit CPU
iOS 17 Hardware Requirements:
iPhones with an A12 Bionic SoC (64-bit ARM-based system) or later
3gb of RAM Minimum (4gb is the typical)
Android does have a lot of known vulnerabilities, which implies there may be a wealth of unknown vulnerabilities as well. As an example, there is an information disclosure vulnerability that affected the Android 14 devices. The vulnerability would lead to an unintentional information disclosure local with no execution of privilege escalation necessary. Furthermore, the user of the device was not required to take any action for this exploitation to be realized. The details of this vulnerability can be found under the detail number CVE-2023-21312. The reason Android OS are generally considered more vulnerable than iOS is because while Apple uses a proprietary source code for their operating systems, Android runs on an open-source code leaving it more open to vulnerabilities. The caveat to this is because the code is open source it’s reasonable to assume that vulnerabilities are going to be found more easily. If there is a problem in iOS devices it may not be found as easily due to the closely guarded source code. There are far fewer known vulnerabilities for iOS run devices. One possible vulnerability in devices using iOS 16.7 or iOS 17 is found when a malicious application is able to bypass the signature validation necessary to gain access to the system. As was the case in the Android vulnerability, there is no requirement that the user takes any action for this exploit to take place, making it a high risk vulnerability. The details of this exploitation can be found under the detail number CVE-2023-41991.