Insurance giant Aviva UK were last month hit by an attack based on the Heartbleed exploit that allowed hackers to access workers’ iPhones. Insiders claim Aviva is in talks about moving to a new platform due to the breach.
Aviva was using BYOD service MobileIron to manage more than 1,000 smart devices such as iPhones and iPads. On the evening of the 20 May, a hacker compromised the MobileIron admin server and posted a message to those handhelds and the email accounts, according to The Register.
The hacker then performed a full wipe of every device and subsequently took out out the MobileIron server itself.
In a statement Aviva moved to reassure clients that customer data was not exposed.
The issue was specific to iPhones and none of Aviva’s business data was accessed or lost. Someone gained access to a third party supplier, which also enabled them to reset mobile devices for some Aviva users. There were no financial losses or repercussions. It was an overnight issue and by the start of the next day we had begun to restore devices.
Aviva reportedly moved impacted staff onto a new Blackberry 10 service to manage all their Apple devices, and are in discussions with MobileIron reseller Esselar to cancel their contract.
MobileIron has issued the following statement:
“It is important to note that foundational components of the MobileIron Infrastructure are not vulnerable to the attack including our VSP (management console), Sentry (Secure Mobile Gateway), ConnectedCloud, Anyware, and the MobileIron client. None of these product components are vulnerable. We also conducted a recent webinar reviewing this for our customers.”
[signoff predefined=”Enjoy this?” icon=”icon-users”][/signoff]
