The Department of Homeland Security has announced a pilot project called “Securing Mobile Applications for First Responders” that looked into cybersecurity threats affecting public-safety apps. “The pilot sought to determine the degree to which the selected public-safety apps are vulnerable to cyberattack,” the Department explained. During this pilot, the team found that 32 out of 33 popular first responder apps contained security and privacy issues.
This pilot project was conducted in association with several groups, including the Association of Public-Safety Communications Officials, otherwise known as APCO. A study into potentially vulnerable public-safety apps involved APCO choosing 33 popular options available for Android and iOS.
These apps were made by 20 total developers, in some cases involving the same app counted separately for iOS and Android. Of those 33 apps, the team found that 32 of them contained “potential security and privacy concerns.” These issues spanned different aspects of the apps, such as involving the device’s camera, contacts lists, or even SMS messages.
Of the 32 vulnerable apps, 18 were found to have “critical flaws” that included credentials hard-coded in binary. Others were susceptible to man-in-the-middle attacks. In light of these problems, the project leaders worked with the developers behind these apps to address the problems.
The steps used to address the vulnerabilities included things like getting rid of old code and using integrated security offered by the OS. Ultimately, 14 of the above 32 apps had their security and/or privacy vulnerabilities addressed. The apps weren’t named.