Over the past few months there has been a lot of info coming from BlackBerry about how their competitors such as Mobile Iron and Good stack up to that of BES 10 offerings. Back in May, the BlackBerry blog featured an article called 'Good Isn't all that Great, while Iron shows its Rust' and while some may have dismissed the article as BlackBerry simply defending themselves, some news coming out of The Register shows BlackBerry was arguably in the right to highlight the problems within their competitors systems and services.
According to the report, Aviva was using MobileIron to manage more than 1,000 employee devices such as iPhones and iPads but on May 20th, a hacker utilizing a heartbleed-based attack was able to obtain access to the server and post messages directly to those devices through their email accounts in addition to performing a full wipe of every device and eventually, shutting down the server itself. To their credit, Aviva responded to The Register about the attack and noted that no customer data was exposed during the event and additionally; no business data was accessed or lost:
The issue was specific to iPhones and none of Aviva's business data was accessed or lost. Someone gained access to a third party supplier, which also enabled them to reset mobile devices for some Aviva users. There were no financial losses or repercussions. It was an overnight issue and by the start of the next day we had begun to restore devices.
In addition to the statements issued by Aviva, MobileIron also responded to inquiries into the events as well and offered up their own reply on the matter:
Our investigation concluded that this incident neither resulted from nor exploited any compromise or vulnerability in MobileIron systems or software. All indications are that this was an isolated incident that does not represent a threat to other MobileIron customers.
So how does this all relate to BlackBerry aside from MobileIron being a competitor in the BYOD space? Well, according to the report from The Register it wasn't just a refresh of devices back onto the MobileIron system that took place. Instead, it's being reported the Aviva opted to move their affected employees to BES 10 at that point in order to manage all of their Apple devices and are looking to cancel their contract with MobileIron reseller Esselar.
That's a win for BlackBerry in the BES 10 department if it turns out to be accurate. Of course, no 'hacking' of such things should be celebrated, just ask anyone who has ever had an account compromised, but it certainly gives more credit to what BlackBerry has been saying all along. If you go with others, you're going with people who have services that aren't built from the ground up with security in mind and these days, that's simply not worth the risk.