Officials find flaws in almost every first responder app
The Department of Homeland Security and the Science and Technology Directorate said they found security flaws in almost every lifesaving app they analyzed
By FireRescue1 Staff
WASHINGTON — Numerous first responder apps received security updates after officials studied several and found flaws in almost every app they looked at.
The Department of Homeland Security teamed up with the Science and Technology Directorate and analyzed the most popular first responder apps. They found that out of the 33 unidentified apps, 32 contained security flaws such as access to the device camera, contacts or SMS messages. Android and iOS versions of apps were counted separately.
Around 18 of the flawed apps contained “critical flaws,” including vulnerability to Wi-Fi attacks and the inability to change credentials.
The project was a joint effort by the Homeland Security Advanced Research Projects Agency’s Cyber Security Division, S&T’s First Responder Group, the Association of Public-Safety Communications Officials and Kryptowire, which developed an app-vetting platform funded by S&T.
APCO selected the popular apps, which were created by 20 developers and offered through AppComm, APCO’s public safety app directory. The apps studied were not listed in the report.
Project leaders helped app developers address the vulnerabilities, and 10 developers so far have successfully remediated their apps.
“This pilot project illustrates the efficacy, benefits and value an ongoing app-testing program will provide to the public-safety community and the nation,” S&T’s Mobile Security Research and Development Program Manager Vincent Sritapan said.
“As more apps are adopted for public-safety missions, it is critical that a formal, ongoing app-evaluation process with incentives for developer participation be adopted to ensure current and new mobile apps are free of vulnerabilities,” S&T FRG Next Generation First Responder Apex program director John Merrill said.
The study concluded that first responder apps are vulnerable, but that working with developers to fix the issues through this kind of program, after semi-automated testing of the apps, can be effective.