MobileIron: Feet of clay?

The Register reports that iPhone-carrying employees of UK insurance giant Aviva had their devices wiped on May 20 when someone hacked the company’s MobileIron admin server.

An insider has apparently told El Reg that Aviva planned to cancel their contract with MobileIron and would be moving to another service (the source revealed that the company has switched users to a new BlackBerry server).

The breach purportedly involved exploiting the now long known Heartbleed bug, and one expert consulted by The Register opined that a perimeter scan should have detected the vulnerability — leaving us to wonder if, like many companies, Aviva doesn’t bother to do such scans or simply has failed to retain sufficient staff to check them.

Is this another example of the ignorance and/or complacency of corporate strategists when it comes to system security?

Sure seems like it.

Fortunately, the financial press do not seem to have heard this bit of news (their news aggregators seem not to subscribe to El Reg’s feed — or if they heard, didn’t grok), and so the stock portfolios of Aviva’s leadership are probably safe. For now.


About phil

My name is Phil Lembo. In my day job I’m an enterprise IT architect for a leading distribution and services company. The rest of my time I try to maintain a semi-normal family life in the suburbs of Raleigh, NC. E-mail me at philipATlembobrothersDOTcom. The opinions expressed here are entirely my own and not those of my employers, past, present or future (except where I quote others, who will need to accept responsibility for their own rants).