Skip to main content

US Army used Android apps with security flaws

(Image credit: Image Credit: Wesley.elliott / Wikimedia)

A new report from the Navy Inspector General has revealed that Android apps used by US military personnel in live combat situations contained severe security vulnerabilities that could have been exploited by hackers to steal information on the troops.

The two apps provided real-time messaging capabilities to coordinate with other branches of the military, displayed mission objectives and goals, showed satellite images of mission areas and highlighted both the locations of enemy combatants as well as those of friendly forces.

The report, which was first published back in March and made public by ZDNet today, identified the vulnerable apps as KILSWITCH (Kinetic Integrated Low-Cost Software Integrated Tactical Combat Handheld) and APASS (Android Precision Assault Strike Suite).

Both apps were made available to members of the military through an app store controlled by the National Geospatial-Intelligence Agency.

For training exercises only

Due to the fact that the apps were designed solely for training purposes, the developers cut corners when it came to their security. However, the apps' sleek interface and useful features led them to become popular with US troops who then used them in live combat situations despite the security risks.

In its report, the Office of the Naval Inspector General determined that most branches of the military failed to properly inform troops about the apps' shortcomings. 

To make matters worse, a civilian whistle-blower had been warning the US military about the apps for over a year.

Civilian program analyst for the Naval Air Warfare Center Weapons Division (NAWCWD), Anthony Kim raised his concerns about the apps back in March of 2017. Unfortunately he was ignored by his superiors and punished for repeatedly raising the alarm which led to his pay being reduced, him being placed on leave and eventually his security clearance was revoked.

Via Engadget