Latest in Gear

Image credit: DARPAtv/YouTube

Android apps used by troops in combat contained vulnerabilities

A whistleblower warned about the issues for a year before being acknowledged.
171 Shares
Share
Tweet
Share
Save

Sponsored Links

DARPAtv/YouTube

Two Android apps used by the US military in live combat situations contained severe vulnerabilities that could have allowed attackers to gain access to troops' information, a Navy Inspector General report revealed. The mobile apps offered real-time messaging to coordinate with other military branches, displayed mission objectives and goals, showed satellite images of surroundings and highlighted locations of nearby enemy and friendly forces.

According to the report, first published in March but made public today by ZDNet, the two apps in question are called KILSWITCH (Kinetic Integrated Low-Cost Software Integrated Tactical Combat Handheld) and APASS (Android Precision Assault Strike Suite) and were made available to military members through an app store managed by the National Geospatial-Intelligence Agency. A DARPA video on YouTube demonstrates one of the apps in action.

The apps were reportedly only meant for training exercises, so the developers were lax with security practices. Because of the slick interface and features, the apps became popular with US troops and allied forces and started to be used in live combat situations.

The Navy Inspector General determined most military branches failed to properly inform troops about the apps, which resulted in them being used in inappropriate settings. Perhaps the most troubling part of the report though was the IG's finding that a whistleblower had been warning about the security lapses for more than a year.

Anthony Kim, a civilian program analyst for the Naval Air Warfare Center Weapons Division (NAWCWD), first raised concerns about the apps in March 2017. He was ignored but kept raising the issue, only to get punished each time. Kim was scolded, had his pay reduced, placed on leave and eventually had his pay suspended and security clearance revoked. The report vindicated Kim and got his security reinstated.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
171 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Nearby nuclear sensors went silent after Russia's mystery explosion

Nearby nuclear sensors went silent after Russia's mystery explosion

View
Apple Card launch expands to all US iPhone users

Apple Card launch expands to all US iPhone users

View
Playing 'The Witcher 3' on the Switch shouldn't work, but it does

Playing 'The Witcher 3' on the Switch shouldn't work, but it does

View
Grammarly's keyboard suggests synonyms to make you feel smart

Grammarly's keyboard suggests synonyms to make you feel smart

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr