Back in 2014 a vulnerability in iOS 7.0.6 was discovered that affected iPhones, iPads and other Apple Mobile devices.
This vulnerability was called the GOTO FAIL bug and affected all Apple devices running this or prior operating system versions. The bug allowed an attacker to intercept encrypted communications using SSL certificates.
This customer had to determine which Mobile Devices their employees were using and whether those devices were affected by this vulnerability.
The customer turned to Quadrotech’s Reporting solution, specifically the Mobile Devices by OS reports to identify which of their employees were affected by this vulnerability.
They created a set of customised filters for the Mobile Devices by OS report that reported all Apple Mobile Devices that did not have the latest version of iOS installed. This report was scheduled to be emailed out to the Help Desk team every morning.
As the customer was an existing Quadrotech Reporting customer they were able to respond to this vulnerability in minutes by simply adding filters to Quadrotech Reporting pre-existing Mobile OS reports.
Every day the Help Desk team received a list containing the Names, Email Addresses, Phone Numbers and Mobile Device type for everyone in the company that had a vulnerable Apple device. The report enabled them to respond pro-actively, contacting every employee on the list and guiding them through the process to upgrade their operating system. Their quick responses reduced the risk to any corporate data that might have been compromised by an attacker through this vulnerability.
In a little over 3 weeks, the number of vulnerable devices dropped from over 20,000 to under 500. Each day the automated report contained fewer and fewer names. This was also used to track and report progress on this issue to the CIO in daily IT meetings. This customer explained to Quadrotech how they were using our reports to respond to this vulnerability and we were so impressed that we created a Saved Report within the application for all our customers so that they too could use this process within their own organizations.