Heartbleed Open SSL

Aviva UK, one of the UK’s largest insurance companies had quite the attack recently on all their company issues iPhones. An article coming from The Register explains how the Heartbleed exploit gave hackers access to over 1000 iPhones and iPads.

Aviva was using the BYOD service MobileIron to manage over 1000 Apple devices such as the iPhone and iPad. However, on May 20, a hacker gained access to the MobileIron admin server and posted messages across to every email account and service associated with the devices. To make matters worse, the hacker then proceeded to wipe the devices thus removing the MobileIron service. According to the source, Aviva UK lost millions of pounds in damages.


And for the customers of Aviva? Need not worry, client information and data was not compromised, according to Aviva UK:

The issue was specific to iPhones and none of Aviva’s business data was accessed or lost. Someone gained access to a third party supplier, which also enabled them to reset mobile devices for some Aviva users. There were no financial losses or repercussions. It was an overnight issue and by the start of the next day we had begun to restore devices.

Naturally, Aviva UK decided to dump MobileIron in favour of BlackBerry’s very own BES 10 to manage and control the affected Apple devices.

Source: The Register