The Business Takeaways from Apple's SSL Fiasco

By Drew Hendricks March 06, 2014

If your company hasn’t updated its iOS and Apple computers over the last month, you need to drop everything and make that happen. News of Apple’s extreme SSL vulnerability rippled across the Internet throughout late February.

Developers, tech experts, and media figures implored consumers and business users to update their mobile devices to iOS version 7.0.6, which included the critical fix for the SSL bug.

According to Apple Insider, the adoption rates for this software update hit 13 percent within the first two days of the update release. Incidents like these illuminate several key points that companies and IT departments need to learn, when it comes to securing their in-house, loaner, and BYOD technology.

Technology affected

Essentially, security professionals uncovered two extreme flaws in Apple products: the “goto fail” bug in both the iOS and OS X platforms, which run on Apple mobile devices and computers respectively. Security professionals who wrote and warned users about this bug attempted to conceal certain key points about the flaw, in order to prevent would-be attackers from exploiting the vulnerability before a patch was released by Apple.

The flaw is known as the “goto fail” bug because of a slight typo in the system code, which causes the software to skip a key piece of verification. That extra “goto fail” line represented a hidden snake in the operating system, which posed a threat to users who logged onto secure websites while on untrusted networks, such as public Wi-Fi.

The most terrifying aspect of this error is that it has been affecting Apple mobile devices ever since the release of iOS 6 in September 2012.

The news is equally dire for businesses that rely on the native and third-party apps in OS X, especially if your company has remote or telecommuting workers who complete tasks at a distance from your secure office networks. Security experts suspect that Mac apps such as Safari, Twitter, Facetime, iMessage, and other integral system apps were open to the vulnerability.  

Threats to businesses

The flaw affects users’ SSL certificate security: the protocols we rely on when we log on to secure services such as social media, bank accounts, and work-related systems. This opens users up to sniffing, aka man-in-the-middle (MITM) attacks.

Imagine an employee going to pick up some coffee outside the office, and he jumps onto the café's Wi-Fi to check something on the company’s cloud computing system. A malicious attacker who’s connected to the same network has an opportunity to intercept critical data, such usernames and passwords, before it can securely reach the website. This is the process known as “sniffing.”

How companies can minimize risk

The first thing to note about this flaw is that it wasn’t anything new; it’s a code error that has existed for more than a year. IT education is paramount: The people who maintain your office technology need to be in the loop about breaking news so they can respond appropriately.

The second element to focus on is scheduled maintenance and updates. It’s possible that many users had no idea about this vulnerability until Apple released the latest updates, which described the vulnerability in their notes.

Scheduled system and software updates can help protect companies against current attacks.

The third way companies can minimize damage is to leverage Mobile Device Management software for tablets and smartphones. IT departments can enforce key security practices, such as complex unlock passwords, network settings, and “open in-app” settings, which can significantly reduce risk even in the face of the “goto fail” bug.

Apple’s recent SSL controversy might have been a rude wake-up call for many businesses. It highlighted the very real need for regular IT updates, management, and security protocols.

No system is infallible; just a few characters of code can mean the difference between a secure and a breached work system. Company leaders can minimize risk through continued IT training, scheduled maintenance, and device management software.

Edited by Cassandra Tucker
Related Articles

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More

Making Connections - The Value of Data Correlation

By: Special Guest    1/5/2018

The app economy is upon us, and businesses of all stripes are moving to address it. In this age of digital transformation, businesses rely on applicat…

Read More