Protecting Sensitive Information on iOS Devices

Presented at ShmooCon IX (2013), Unknown date/time (Unknown duration)

We've seen the deep technical research showing what makes iOS devices secure (or sometimes not so much). But once you grok ASLR and code signing, are you really any closer to understanding the risk these devices present to your environment?

This talk reviews the key technologies available to keep data protected on iStuff, hopefully framing the discussion in a way decision makers can understand. From built-in features, to tricks for getting around them, to advanced attacks, we look at the most important things you can do to keep your data secure. And provide a non-nonsense reality check on the reasons you'll never be 100% safe.

The talk concludes with a short review of best practices, both for configuration and custom application development, as well as a review of improved controls introduced in iOS 6.

Presenters:

• David Schuetz / Darth Null   as David Schuetz
  David is a Senior Consultant with Intrepidus Group, where he performs web and iOS application security testing, penetration testing, iOS research, MDM reverse engineering, and other such fun. He's fortunate to have spoken at multiple security conferences on topics from rainbow tables to MDM to puzzle contests.

Links:

• https://infocon.org/cons/ShmooCon/ShmooCon 2013/ShmooCon 2013 Videos/Protecting Sensitive Information on iOS Devices.mp4

Similar Presentations:

• AppSec USA 2013 / iOS Application Defense - iMAS
• DeepSec 2016 „Ten“ / Offensive iOS Exploitation
• Black Hat USA 2016 / Behind the Scenes of iOS Security