We've seen the deep technical research showing what makes iOS devices secure (or sometimes not so much). But once you grok ASLR and code signing, are you really any closer to understanding the risk these devices present to your environment?
This talk reviews the key technologies available to keep data protected on iStuff, hopefully framing the discussion in a way decision makers can understand. From built-in features, to tricks for getting around them, to advanced attacks, we look at the most important things you can do to keep your data secure. And provide a non-nonsense reality check on the reasons you'll never be 100% safe.
The talk concludes with a short review of best practices, both for configuration and custom application development, as well as a review of improved controls introduced in iOS 6.
David is a Senior Consultant with Intrepidus Group, where he performs web and iOS application security testing, penetration testing, iOS research, MDM reverse engineering, and other such fun. He's fortunate to have spoken at multiple security conferences on topics from rainbow tables to MDM to puzzle contests. When not actively engaged in paying work, David loves solving crypto puzzles, working on side projects like KhanFu.com, and, when he remembers the app on his phone, looking for Geocaches. He can be found on Twitter as DarthNull, and is way behind on his puzzle writeups at darthnull.org