Practice raises alarm after Navy IG report confirms hacking vulnerabilities in mapping apps
Special operators and other troops must stop taking their unsecured personal tablets and smart phones into combat after an internal Navy investigation found that mapping applications can be hacked by hostile actors, cybersecurity experts warn.
U.S. special operators and other troops have been using advanced war-fighting mapping applications for the last several years to reduce the time it takes to call in airstrikes and for better situational awareness and communication between ground forces and overhead aircraft.
However, a non-public Navy Inspector General investigation earlier this year found that two of these widely used mapping applications produced by the U.S. Navy have serious vulnerabilities, the Washington Free Beacon first reported earlier this week.
The mapping applications in question are known as known as KILSWITCH and APASS. KILSWITCH is an acronym that stands for Kinetic Integrated Low-cost Software Integrated Tactical Combat Handheld. APASS stands for the Android Precision Assault Strike Suite.
The IG’s findings were cited in a Marine Corps force-wide message in late June warning commanders that the applications are only used on military-issued “hardened” hand-held devices that are not connected to cellular or civilian Wi-Fi networks, not personal devices troops purchased commercially that are far more susceptible to malware and hacking.
All applications and technology contain some level of cybersecurity vulnerabilities, said Dr. Herb Lin, a senior research scholar for cyber policy and security at Stanford University’s Center for International Security and Cooperation and a fellow at the Hoover Institution.
However, in a battlefield situation those risks—in terms of their ability to endanger troops’ and pilots’ lives—increase exponentially when personal tablets and cell phones are being used, he said.
“If [troops] are bringing their own personal devices to work, into combat—what they bought at the Verizon store—that’s an even worse scandal,” he said in an interview. “Those are not hardened [devices], and the military-issued Android devices should be hardened and more secure.”
One special operator, who requested anonymity out of fear of reprisal, told the Free Beacon that the USMC and Navy as a whole are not getting the word out to troops.
“I don’t think people know it’s making them vulnerable,” he said. “It’s not something that is being said widespread, the word hasn’t gotten out, and if it has, it’s not something people are talking a lot about.”
Full article: Cybersecurity Experts: Stop Sending Troops Into Combat With Personal Tablets, Smartphones (Washington Free Beacon)