DHS Test Finds Flaws in 32 Out of 33 Emergency Responder Apps
The Department of Homeland Security revealed this week that its pilot test of mobile apps relied upon by emergency responders found security and/or privacy vulnerabilities in 32 of the 33 apps tested. The apps were selected from among the most popular apps offered through AppComm, which is DHS’ directory of public safety apps. Eighteen of the flaws found were said to be “critical” in nature.
“This pilot project illustrates the efficacy, benefits and value an ongoing app-testing program will provide to the public-safety community and the nation,” said Vincent Sritapan, S&T’s Program Manager for Mobile Security Research and Development. “During the testing phase, numerous cyber vulnerabilities were identified and remediated. This model can be used to ensure all apps used by the public-safety professionals are secured against cyberattacks and other security and privacy weaknesses.”
Pilot project leaders worked with each app developer to remediate identified vulnerabilities. So far, ten developers successfully remediated their apps, and as a result of the pilot project, the security and privacy concerns of 14 mobile apps were addressed.
Most developers who fixed their app’s vulnerability(ies) reported investing approximately one hour on remediation. Remediation steps included removing old or unused code, enabling built-in security provided by the operating system, and ensuring the functionality requested is necessary for operations.
“As more apps are adopted for public-safety missions, it is critical that a formal, ongoing app-evaluation process with incentives for developer participation be adopted to ensure current and new mobile apps are free of vulnerabilities,” said John Merrill, Director of the S&T FRG Next Generation First Responder Apex program.
Posted in General News