The Business Takeaways from Apple's SSL Fiasco

By Drew Hendricks March 06, 2014

If your company hasn’t updated its iOS and Apple computers over the last month, you need to drop everything and make that happen. News of Apple’s extreme SSL vulnerability rippled across the Internet throughout late February.

Developers, tech experts, and media figures implored consumers and business users to update their mobile devices to iOS version 7.0.6, which included the critical fix for the SSL bug.

According to Apple Insider, the adoption rates for this software update hit 13 percent within the first two days of the update release. Incidents like these illuminate several key points that companies and IT departments need to learn, when it comes to securing their in-house, loaner, and BYOD technology.

Technology affected

Essentially, security professionals uncovered two extreme flaws in Apple products: the “goto fail” bug in both the iOS and OS X platforms, which run on Apple mobile devices and computers respectively. Security professionals who wrote and warned users about this bug attempted to conceal certain key points about the flaw, in order to prevent would-be attackers from exploiting the vulnerability before a patch was released by Apple.

The flaw is known as the “goto fail” bug because of a slight typo in the system code, which causes the software to skip a key piece of verification. That extra “goto fail” line represented a hidden snake in the operating system, which posed a threat to users who logged onto secure websites while on untrusted networks, such as public Wi-Fi.

The most terrifying aspect of this error is that it has been affecting Apple mobile devices ever since the release of iOS 6 in September 2012.

The news is equally dire for businesses that rely on the native and third-party apps in OS X, especially if your company has remote or telecommuting workers who complete tasks at a distance from your secure office networks. Security experts suspect that Mac apps such as Safari, Twitter, Facetime, iMessage, and other integral system apps were open to the vulnerability.  

Threats to businesses

The flaw affects users’ SSL certificate security: the protocols we rely on when we log on to secure services such as social media, bank accounts, and work-related systems. This opens users up to sniffing, aka man-in-the-middle (MITM) attacks.

Imagine an employee going to pick up some coffee outside the office, and he jumps onto the café's Wi-Fi to check something on the company’s cloud computing system. A malicious attacker who’s connected to the same network has an opportunity to intercept critical data, such usernames and passwords, before it can securely reach the website. This is the process known as “sniffing.”

How companies can minimize risk

The first thing to note about this flaw is that it wasn’t anything new; it’s a code error that has existed for more than a year. IT education is paramount: The people who maintain your office technology need to be in the loop about breaking news so they can respond appropriately.

The second element to focus on is scheduled maintenance and updates. It’s possible that many users had no idea about this vulnerability until Apple released the latest updates, which described the vulnerability in their notes.

Scheduled system and software updates can help protect companies against current attacks.

The third way companies can minimize damage is to leverage Mobile Device Management software for tablets and smartphones. IT departments can enforce key security practices, such as complex unlock passwords, network settings, and “open in-app” settings, which can significantly reduce risk even in the face of the “goto fail” bug.

Apple’s recent SSL controversy might have been a rude wake-up call for many businesses. It highlighted the very real need for regular IT updates, management, and security protocols.

No system is infallible; just a few characters of code can mean the difference between a secure and a breached work system. Company leaders can minimize risk through continued IT training, scheduled maintenance, and device management software.




Edited by Cassandra Tucker
SHARE THIS ARTICLE
Related Articles

Bloomberg BETA: Models Are Key to Machine Intelligence

By: Paula Bernier    4/19/2018

James Cham, partner at seed fund Bloomberg BETA, was at Cisco Collaboration Summit today talking about the importance of models to the future of machi…

Read More

Get Smart About Influencer Attribution in a Blockchain World

By: Maurice Nagle    4/16/2018

The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …

Read More

Facebook Flip-Flopping on GDPR

By: Maurice Nagle    4/12/2018

With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…

Read More

The Next Phase of Flash Storage and the Mid-Sized Business

By: Joanna Fanuko    4/11/2018

Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…

Read More

Satellite Imaging - Petabytes of Developer, Business Opportunities

By: Doug Mohney    4/11/2018

Hollywood has programmed society into believing satellite imaging as a magic, all-seeing tool, but the real trick is in analysis. Numerous firms are f…

Read More