DHS project catches 18 first-responder apps with ‘critical’ cyber flaws

A pilot project launched by the Department of Homeland Security (DHS) has discovered critical flaws in 18 mobile applications used by public safety officials to respond to emergencies.

The department’s Science and Technology Directorate established the program in order to test how vulnerable smartphone apps used in the public safety sector are to cyberattack, including ransomware and spyware, and whether certain apps have coding vulnerabilities that could compromise device security, expose sensitive data, or allow for spying. 

DHS announced Monday that 32 of the 33 popular iOS and Android apps tested raised security and privacy concerns. The program turned up “critical flaws” in 18 of the apps, including some that made apps vulnerable to what are called “man-in-the-middle” attacks — which occur when a hacker intercepts communications between two systems. The apps in question were not named or described. 

The project was launched three months ago by DHS in partnership with the Association of Public Safety Communications Officials and Kryptowire, a mobile app vetting company. 

DHS said that project participants have worked with developers to address security and privacy concerns in 14 of the applications. 

Vincent Sritapan, the Science and Technology Directorate’s program manager for mobile security research, said that the results illustrated “the efficacy, benefits and value an ongoing app-testing program will provide to the public-safety community and the nation.” 

“During the testing phase, numerous cyber vulnerabilities were identified and remediated,” Sritapan added. “This model can be used to ensure all apps used by the public-safety professionals are secured against cyberattacks and other security and privacy weakness.”