DHS Project Finds Security Vulnerabilities in First Responder Apps
The DHS’s Science and Technology Directorate “Securing Mobile Applications for First Responders” report said that security flaws were discovered on 32 of the 33 popular apps tested.
- By Jessica Davis
- Dec 20, 2017
A pilot project launched by the Department of Homeland Security has discovered critical flaws in 18 mobile apps used by public safety officials to respond to emergencies. The DHS’s Science and Technology Directorate “Securing Mobile Applications for First Responders” report said that security flaws were discovered on 32 of the 33 popular apps tested.
The department established the program in partnership with the Association of Public Safety Communications Officials and mobile app vetting company Kryptowire to test the cyberattack vulnerability of apps used in the public safety sector. The Mobile Application Security project aims for continuous validation and threat protection for mobile apps and for the integration of security throughout the lifecycle of these apps.
For their study, participants selected 33 popular iOS and Android apps and tested each app’s security, privacy, and information and device access. Potential security and privacy concerns, such as access to the device camera, contacts or SMS messages, were discovered in 32 of the 33 apps, DHS said. “Critical flaws” were found in 18 of the apps.
Pilot project leaders worked with each app developer to fix the identified vulnerabilities in 14 mobile apps. According to DHS, most developers reported spending about one hour remedying their app’s vulnerabilities, with solutions including the removal of old or unused code, the enabling of built-in security provided by the operating system, and confirmation that the functionality requested is necessary for operations.
Project leaders stressed the usefulness of an ongoing app-testing program for the public safety community and the public at large.
“As more apps are adopted for public-safety missions, it is critical that a formal, ongoing app-evaluation process with incentives for developer participation be adopted to ensure current and new mobile apps are free of vulnerabilities,” said John Merrill, Director of the S&T FRG Next Generation First Responder Apex program.
Jessica Davis is the Associate Content Editor for 1105 Media.