Last week I spoke at the Central Ohio ISSA Conference about Attacking and Defending Apple IOS Devices.  This talk was based on information gathered from several of the mobile pentests that I conducted at SecureState.  I’ll be working on more research that will be going into an white paper that I will hopefully be releasing in the next few months.  You can find my slides on SlideShare below and watch the video graciously recorded by Iron Geek.

UPDATE (5/27): I found a very nice script by Patrick Toomey which can dump the contents of the keychain on Jailbroken iOS devices.  More details about how the script runs can be found in this blog post.  Note that the type of information you get back depends if the passcode is enabled or not.  You will get more keychain entries back if the passcode is not enabled.  I had mentioned in my presentation that I hadn’t found a script to do this yet…well here it is.