As organizations look to deploy larger numbers of mobile devices over this year, there is widespread disagreement in the security industry over which platforms are more secure, what mobile security measures are effective, and what the greatest risks of these platforms are. At the same time, the mobile malware community, while still in its infancy, is developing rapidly and several successful attacks have been executed against iOS and Android in the last year.
In this talk, we demonstrate an intelligence-driven approach to mobile defense, focused on attacker capabilities and methods, with data collected from past remote attacks and jailbreaks against Android and iOS. This analysis identifies the means by which exploits are developed and distributed in attacks, separates defenses that work from defenses that don't, and provides analytical tools that attendees can use to objectively evaluate the exploitability of mobile operating systems. Finally, we use this empirical data on attacker capabilities to make projections on where mobile malware is headed in the near to long term.