Aviva iPhones on MobileIron attacked, firm reportedly moves affected devices to BES 10

By Bla1ze on 23 Jun 2014 02:14 pm EDT

Over the past few months there has been a lot of info coming from BlackBerry about how their competitors such as Mobile Iron and Good stack up to that of BES 10 offerings. Back in May, the BlackBerry blog featured an article called 'Good Isn't all that Great, while Iron shows its Rust' and while some may have dismissed the article as BlackBerry simply defending themselves, some news coming out of The Register shows BlackBerry was arguably in the right to highlight the problems within their competitors systems and services.

According to the report, Aviva was using MobileIron to manage more than 1,000 employee devices such as iPhones and iPads but on May 20th, a hacker utilizing a heartbleed-based attack was able to obtain access to the server and post messages directly to those devices through their email accounts in addition to performing a full wipe of every device and eventually, shutting down the server itself. To their credit, Aviva responded to The Register about the attack and noted that no customer data was exposed during the event and additionally; no business data was accessed or lost:

The issue was specific to iPhones and none of Aviva's business data was accessed or lost. Someone gained access to a third party supplier, which also enabled them to reset mobile devices for some Aviva users. There were no financial losses or repercussions. It was an overnight issue and by the start of the next day we had begun to restore devices.

In addition to the statements issued by Aviva, MobileIron also responded to inquiries into the events as well and offered up their own reply on the matter:

Our investigation concluded that this incident neither resulted from nor exploited any compromise or vulnerability in MobileIron systems or software. All indications are that this was an isolated incident that does not represent a threat to other MobileIron customers.

So how does this all relate to BlackBerry aside from MobileIron being a competitor in the BYOD space? Well, according to the report from The Register it wasn't just a refresh of devices back onto the MobileIron system that took place. Instead, it's being reported the Aviva opted to move their affected employees to BES 10 at that point in order to manage all of their Apple devices and are looking to cancel their contract with MobileIron reseller Esselar.

That's a win for BlackBerry in the BES 10 department if it turns out to be accurate. Of course, no 'hacking' of such things should be celebrated, just ask anyone who has ever had an account compromised, but it certainly gives more credit to what BlackBerry has been saying all along. If you go with others, you're going with people who have services that aren't built from the ground up with security in mind and these days, that's simply not worth the risk.

Discuss more in the CrackBerry Forums

Reader comments

Aviva iPhones on MobileIron attacked, firm reportedly moves affected devices to BES 10


I wonder if these guys at Mobile Iron used to work for our current administration in the USA...

Major problem...come out with some indescernable gibberish.

Founding Member of "Club Z30 "..... the most exclusive club in mobile

You must have a very sad life. I'm sorry dude. I hope you enjoy this moment of feeling important. :-)

Posted without the aid of AutoCorrect with my physical keyboard via CB10

Right... he has a sad life for getting excited about posting first... and I guess that means your life is a little sad for taking time out of your day to comment on his comment... and naturally that extends to ME, for bothering with your useless comment lol... good times.

Okay.....I am going to demonstrate the saddest life out of all of ya's by commenting on your commentary of the comment about posting first. I thought your comment was quite funny.

Then of course there is the vulnerability of all cell phone voice communications and apparently data on the phone itself to this kind of localized eavesdropping and gathering devices. At least with BlackBerry the data on phone can be encrypted, but the voice calls require something like SecuSmart to lock down. BlackBerry needs to buy them.

From my Neutrino Powered Z10

I'd like to see this posted on iMore as well. BlackBerry's downsides and critiques thereof are frequently here on CrackBerry, maybe there should be some of that on the Apple side of MN.

One thing is guaranteed, is that the UK financial regulator is going to be looking into this breech, especially if it potentially involves any customer information.

Throw the data protection investigation into the mix too.

 Posted by the Crackberry Pirate  ‎

1,000 devices, now BB needs to show the other 1,000,000 device owners that who don't seem to care.

Via The BlackBerry Z10 Experience.

Just prove that others aren't that save and market that - also pay attackers to find bugs in your own system

Posted via CB10

BlackBerry doesn't have a Marketing Dept. Do they??? If so it's the companies best kept secret ever.

Posted via CB10

It may have crossed their minds a few times over the last few years, but I'm guessing that's a line that won't be crossed.

From my Neutrino Powered Z10

Hacking shouldn't be celebrated but if I said that this didn't make me smile a bit on the inside, i'd be lying..lol.

Pimp slappin iGeeks and Droinerds with my Q10

Correct however, they were all warned. We have zero issues with BlackBerry and BES, the competitors can dangle gold, diamond,rubies we won't budge, BES is the best and using the hardware just Strengthens the overall security. Good Luck to all the corporations that jumped ship including some Governmental Departments.

Posted via CB10

We do have issues - it's just that we don't know what they are yet :-)
All systems have vulnerabilities - even super built from the bottom up secure by design systems.

Posted via CB10

I just love mobile iron's response. Was all damage control and absolutely nothing to ease the trouble their client went through... No wonder they are switching...

Posted without the aid of AutoCorrect with my physical keyboard via CB10

Shhhh ... the "everything is awful, in every way, all the time, under every single circumstance" crowd will hear you

Posted via CB10

It IS kind of funny, the predictability of it, seeing the negative articles pop up like clockwork after a surprise decent quarter.

From my Neutrino Powered Z10

Great stuff, nice article Bla1ze. True that hacking isn't celebrated but it is a notable win for BlackBerry.

That's also correct, they also would like the public to think that "no other data " was compromised, right...... ,if the hacker could have done what's reported guaranteed more damage was done than they would care to admit. it's called "damage control "

Posted via CB10

Damage control. I think that's the right expression.

As if they only wiped devices and nuked the server just for the lulz.


Pasted via CB chen

But I don't really get it. According to the article, and MobileIron's statements, this is not an issue with Mobile's systems, but with the Apple devices themselves. So shouldn't they be moving their iPhones to Blackberrys? The MDM solution will need to move as well to manage them, but why would they risk the iPhones being hacked again. Am I reading this wrong?

Great point! The most secure system out of the box is a BlackBerry phone connected to a BES server. Keep pounding that drum!

From my Neutrino Powered Z10

Yes but even BlackBerry would suggest that ios and Android can be nearly as secure with secure workspace (on BES 10). BlackBerry won't be for everyone (device) but I strongly believe BlackBerry as a MDM solution is for everyone!!!

Posted via CB10

Yes, but they will also tell you that "nothing is more secure than a BlackBerry on BES" Scott Tzotski from BlackBerry has said this as often as someone is interviewing him. Secure workspace is better than any competing secure sandbox solutions, but it is not as good as a BlackBerry on BES.

From my Neutrino Powered Z10

Ever since I read this story this morning, have been waiting for you guys to put it on the front page, and help spread the word.


I am sure if it's in the news, it's all as reported. Do you see a shooting in the news and deny it's as reported???? If so that's kinda sad.

Blackberry is the superior security, always is and always will.

It's sucks when you get hacked in general.. ppl should do their best to prevent it and buy a BlackBerry..


Not that I would wish this on anyone, but curious if the tech experts and bloggers who put out negative and uninformed reviews of anything BlackBerry experienced this, if their opinions on BlackBerry might change?

Naaahhhh, who are we kidding.

Hopefully anyone affected personally will be ok.

Bah hahaha...that's for NOT choosing BlackBerry as your only business mobile choice. As for the hacking itself, it's sad and should never have been given the chance, to happen in the first place...

I still don't get that if you have a serious company why on God's green earth would you give your employees and iPhone......it puzzles me......

Posted via CB10

It's like dealing with children. Parents always yield to the kids. Making an emotion decision rather than a sound one. Except in this case, it's a business.

EyePhone Salesman: Ok, It's $500, You have no choice of carrier, the battery can't hold a charge and the reception isn't very...

Fry: Shut up and take my money!

Posted via CB10

What if someone from BlackBerry hacked into the affected iphones? Now this would be a Master move to drive up sales.. :p

Posted via CB10 on my Z30

I can see more businesses adopting BES, but I don't think situations like this will make people suddenly dump their iPhones for Blackberries.

Go ahead, fanboys, and insult my mother for saying that.

Lol. Trust me, I'm not defending the iPhone, but you know how stubborn people get when you try to take their favorite toy away from them, even if the reason is justified.

Not on the consumers front. In businesses, I do expect they adopt a more stringent policy when it comes to customers personal data. From government, financial institution to the retail outlets that possess tons of our personal data.

Agreed, completely. Being in the Coast Guard, I'm actually surprised they replaced the Blackberries with iPhone 4s (yuck, lol). Maybe, with the return of the Classic and the unveiling of the Passport, we'll see more enterprises adopting Blackberry again. I'm not sure, why anyone would be against it, as these devices are to get work done and not for playing Candy Crush, lol.

Maybe there has not been any successful litigation for loss of personal information or breach of privacy. I'm surprised that companies would continue to take the risk, especially in the litigious society that is the US. It's even more risky for companies that have health-related personal information...I guess Aviva doesn't do health insurance.

Posted via CB10 on Z10

I agree, but BlackBerry is more focused on the enterprise at the moment. They'll need to continue to win back BES customers in order to truly turn things around. If they gain traction in the consumer space as well, that's even better. According to Chen, they only need to sell a baseline of 10M new devices annually to be profitable on the hardware side.

It's never if, it's always when. I would bet there is more to the hack/compromised devices that isn't mentioned and BES10 offers something MI can't. Again when security has to be better then good enough....

You mean making security decisions based on socio-political trends is not as good as hard data? Who knew? Wow, now I need to rethink everything ...

Bbm'ed this to my girlfriend, she works at a financial management company, billions$ All the higher ups use iPhones and they are moving off windows XP because they have to . Security is a non issue to them, haven't been hacked big time so who cares. IPhones are cool and trendy so that's what the yupes want to have while they drink their $12 coffees while they move millions $ of stock around.

Posted via CB10

Well what do we have here? ... Word will get out about this and that's all you need for BlackBerry as the provider of choice for MDM and security. Even better when companies find out that using BlackBerry devices add further security and value added features like Balance, eBBM, etc. Users will hopefully start saying "wow, BB10 is pretty neat! I like it!" Marketing via enterprise. Same way BlackBerry got popular and desired in the first place.

Posted via CB10

And people question why we stick to BlackBerry....jeez I wonder...

Posted via CB10 on my BlackBerry Q10.

Hopefully this isn't news JUST here on good ole' CrackBerry. Would love to see this story show up on other sites and gain some well deserved (and needed) traction and attention.

Posted via CB10

We jumped aboard BES5 some years ago after a hacking attempt on our servers nearly shut us down and we haven't looked back since. We only have a small fleet, ~74 units, but we work on our devices and they hold valuable and private customer and corporate information, we can only operate with the complete trust and confidence of our clients, if we lose that we might as well just shutter the place up. We're now on BES10.1 and are chomping at the bit to see how BES12 can take us to the next level. It's interesting but you tell someone their data is protected by BlackBerry and what ever qualms they may have had seem to disappear.

I also know a company moving from blackberry to another mdm solution with some windows phone and lot of apple. The fun part is not only the apps on apple but also there open wifi. It's a big world wide company but it seems everyone get easily using phone or ipad hacks.

Thank god there laptops are better protected but the company is working like this since 1 years almost but I'm sure they have leaks and the guy who is responsible doesn't care because he can't secure ipads or iphone in there network good enough thanks to there 8000 users and higher management :)

Posted via CB10

They still haven't fixed the heart bleed issue? Wow. Top flight security over here. #TeamBlackBerry

Posted via CB10

People are crazy and stupid, they knows all that bullshit iPhone and android devices can easily be hacked, but still supporting them :)

Posted via CB10

With tailor made enterprise devices available from BlackBerry I'm surprised the corporate world ever flirted with the competition.

And I also wonder if they collectively realize just how close they all came to shutting down a mobile whose raisin d'etre was them in mind.

Sent from my BlackBerry Z30

On a complete tangent... I HATE when people use the short hand as seen in the picture from the article...

What kind of numbnuts cant take the time to type "like" instead of "lik" ... and "heart" instead of "hart" ... whadda u allergic to the 'e' key?


Where is the media that loves to only report the negative news on BlackBerry?

Posted via CB10

Busy attempting to beat down a surprisingly positive quarter and annual meeting.

From my Neutrino Powered Z10

This is just great! Sorry Aviva... I thought insurance companies know how to do risk assessment... I guess your Iron rusted out :D

Posted via CB10 on my Z10

"There were no financial losses or repercussions". Really? A statement like this is made and no one calls them on it? What about the time spent investigating what happened? What about the time spent by those that were affected in getting their phones restored? They should be hammered for making a ridiculous statement like this.

Only thing I can say about this article is :

Hahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahahaahahahahahahahahahahahahaha.. LOL!

Posted via CB10

Exactly.. today I was browsing Android apps through Snap and it drawn my attention all those messaging apps highlighting their secure messaging and whatever encryption methods they use.

It looks obvious now that security is something you don't get by default in Android and oh look, iOS even and you you could pay even for it.

By the way, this Threema app what they are thinking?? BlackBerry should sound off!! They are literally copying BBM!!

Posted via CB10

Never fails; people and companies go cheap and lack due diligence and voila; break in.

People never seem to learn until it is too late!

Posted via CB10

Did the article mentioned the hack was caused by 3rdparty software. If that is the case, will the same issue happen to BES if a 3rd party software is in fault?

No, third party apps are sandboxed. On BES the administrator also has the power to curtail / control the installation of rogue apps, Additionally the core features of QNX further negates the possibility of this occurring, though not completely impossible, it's just very difficult for that to happen on BlackBerry 10.

Posted via CB10

Curious to know how the decision was made to adopt bes10, someone inside must have known BlackBerry does it better or Mr Sims was all over them when the call came in.

Posted via CB10

I can't believe anyone would even want to use the most outdated smartphone in the world (iphone). I hate WP but they are the third best option when it comes to smartphones and they destroy the iphone5 or 5s or whatever gimmick apple uses to sucker in the weak minded people . Iphones are uncool useless phones with Lmfao 4 inch screen.....no really 4 pathetic inches. Lol

Posted via CB10

While it's nice to see some firms waking up to the advantages Blacmberry offers, I think (my opinion, however flawed it may be) that this just exposes a weakness in Blackberry's product lineup. If a firm like this that's managing Ipads decides to go to Blackberry because of security, this could present a great sales opportunity for Blackberry. But Blackberry doesn't even make a tablet anymore. I really think Blackberry should have a tablet on offer for those who want one; even if it's just a fefreshed Playbook and offered online direct from Blackberry. It's better than having nothing.

A Playbook was already smaller than an Ipad, then a Passport is smaller than a Playbook...not really an option for a potential customer who has Ipads and a security breach and could possibly be persuaded to move to another product, if it were available.

"Instead, it's being reported the Aviva opted to move their affected employees to BES 10 " TYPO!
Instead of "the", it should be "that." Friendly catch ;-)

Carbon Fiber Z10 w/Leather Holster

And this is why I oppose any but the least intrusive cross platform exposure. The blackberry owner who is in the least concerned about security does not install android apps.

Posted via CB10

While incidents such as these bode well for BlackBerry, especially on the enterprise side, with BES10 out and BES12 soon to come , given that some of the reputation that the company was formerly banking on and still is to a certain extent, came from it's record of security...let's not get ahead of ourselves here!

We all remember the problems BlackBerry had a few years ago, with its servers crashing, loss of data, prolonged service interruption , even potential breaches etc.

While Crapple makes my ass twitch as often as I get a whiff of its overpriced and boring products, we should not forget that a determined hacker or a determined group of hackers, should they wish to, can break BlackBerry's security firewall as well...might be a bit harder, but we all know that in the our age that doesn't mean anything...

Problem is that BlackBerry hardly registers on anyone's tech radar especially hackers who I'm guessing have higher targets in mind than what is at the moment a has been former tech giant...

We should count ourselves lucky for now, but remain aware of the fact that what befell Apple could easily affect BlackBerry. Difference is they can absorb the shock, BlackBerry cannot!

Cartman says: Screw you guys I'm going home!

By the same token - 3rd party hosting - this gives ALL The incentive for BlackBerry NOT to outsource or 'open up' BES for BB10/BBOS devices.

 BlackBerry Z30  If it Don't Make Dollars, It don't Make Sense 

Had BlackBerry been in a much stronger position, they would have never opened up BES. Unfortunately, they really had no choice.

The difference between BlackBerry versus the competition is quite simple. BlackBerry offers the BEST Security Software powered by years of Experience. Something MobileIron and Good lack and will continue to lack for many years to come.

I think that a bigger story that will come out with these hybrid containerized MDM solutions like MobileIron and Airwatch, is the fact that they sync your work contacts into a phones native contacts app...and the you go and install WhatsApp...data privacy breach anyone?

AFAIK only BB and Good offer a fully containerized solution. I can see this becoming an issue when people realize that their work contact information is being shared with Facebook.

Boom, you just can't beat blackberry.

Posted via CrackBerry 10 (CB10) application using my BlackBerry Q10.

"Of course, no 'hacking' of such things should be celebrated"
=> That's how your remove the interim thing before EiC. *thumbsup*

We, loyalists, fans, supporters, crackberrians must avoid the behavior we hated so much when we were in the dark (see how I use past here). Helping and offering solid solutions is what we must focus on.
"Talion" never helped selling anything.

If this had happened to BlackBerry they would have been falling over themselves to put the boot in but it's hardly registering.
It'll be registering with the Aviva directors though who will be screaming at their jeans and tshirts IT bods, who will have assured them that using trendy consumer devices and start up tech would in no way compromise security. I've worked with insurance companies and this will be taken incredibly seriously. The shit really will have hit the fan there . After the Heart bleed vulnerability people and decision makers will take more due diligence in a phones security as opposed to its coolness. As they should have in the fist place.

Posted via CB10

MobileIron has 0 experience in securing Smart Phones. They lack what BBRY is king at doing.

Hopefully this is the beginning where companies start dumping MobileIron and Good for BES10/12 for obvious reasons.