In this second segment of the interview with Dan Guido, CEO and co-founder of Trail of Bits, Dan focuses on vulnerabilities in mobile devices and shares the findings of the research he presented at SOURCE, titled “Mobile Exploit Intelligence Project”.



Read below for a quick synopsis of the interview.

Is iOS the most secure platform?

Dan states that it’s definitely possible to exploit vulnerabilities in iOS. He then goes on to explain that it’s either too costly to do this or there are other mitigations that prevent this from happening. By disincentivizing the mobile malware community from performing malware attacks on the iOS platform using clever design choices, Apple demonstrated a different approach to tackle the problem of mobile malware. Dan concludes that Apple’s approach has been different and certainly a very effective response to the mobile malware problem.

Dan mentions that trying to trace every single unique identifier for every single malicious application is neither effective nor intelligent, and is also resource-heavy for an organization.

What are your recommendations with respect to “bring your own device” policy?

Dan references his research presentation that he delivered at SOURCE Boston this year titled “Mobile Exploit Intelligence Project”. As part of the research, Dan collected a comprehensive database of every piece of mobile malware that affected iOS and Android. This research was used to draw conclusions as to what security measures would be effective if implemented on those devices to protect against the malware that currently exists in the wild.

He points out that there are not really any mobile security products on the market right now that can mitigate these flaws. To have an effective BYOD policy, Dan states that you need to assume that your devices are compromised, since there are no endpoint security products that can prevent your devices from being compromised. One possible solution Dan talks about is the concept of “secure containers” to store encrypted information on mobile devices. Dan’s colleague, Dino Dai Zovi, has written a paper on how effective the data protection APIs are on iOS, and how it is somewhat tenable to create secure containers to store encrypted information in iOS.


About Niru Raghavan

Niru Raghavan joined the Veracode team in late 2011 as an Acquisition Marketing Manager. In this role, Niru is responsible for demand generation and program management primarily for online marketing programs. Prior to joining Veracode, Niru held positions of increasing responsibility at Liberty Mutual and Staples, successfully planning and implementing sophisticated online and offline marketing initiatives. She has managed product development efforts, launch activities and online marketing programs geared toward mid to large sized businesses in select vertical markets. Her specialties include product marketing, marketing strategy, and market research/analysis. She is also a keen web analytics enthusiast and Occam’s Razor by Avinash Kaushik is her all time favorite blog.
