The Department of Homeland Security found that almost all apps used by emergency professionals have vulnerabilities.
Of the 33 popular first responder apps tested, all but one was found to raise potential security and privacy concerns – and more than half had ‘critical flaws’ …
The DHS explained the reason for the checks.
The pilot [program] sought to determine the degree to which the selected public-safety apps are vulnerable to cyberattacks—malware, ransomware and spyware—or had coding vulnerabilities that could compromise the device’s security, expose personal data or allow for eavesdropping.
The results were far from reassuring.
The pilot-testing project discovered potential security and privacy concerns—such as access to the device camera, contacts or Short Message Service messages—in 32 of 33 popular apps that were tested. Eighteen apps were discovered to have critical flaws such as hard-coded credentials stored in binary, issues with handling Secure Sockets Layer certificates or susceptibility to “man-in-the-middle” attacks.
The good news is that 14 of the apps have been fixed, with one surprising piece of news.
Most developers who fixed their app’s vulnerability(ies) reported investing approximately one hour on remediation. Remediation steps included removing old or unused code, enabling built-in security provided by the operating system, and ensuring the functionality requested is necessary for operations.
More information can be found on the DHS website.