Skip to main content

Pentagon finds shocking and dangerous misuse of government smartphones

The Pentagon has found that employees at the Department of Defense (DoD) are guilty of using their business smartphones in unauthorized ways, putting national security at risk. 

A report from the Department of Defense Inspector General (DoDIG), the agency responsible for auditing the DoD, uncovered the use of unauthorized apps and services across workers' smartphones on a huge scale.

Moreover, there was little infrastructure or policies in place which allowed the DoD to control and manage the use of these devices, and users were not given adequate training on their acceptable and safe operation.

Unauthorized apps

Unmanaged apps such as those related to shopping, gaming, VPNs and - bizarrely - "luxury yacht dealer applications" were installed on work phones, and unapproved messaging apps were being used for official communications, all of which contravenes DoD regulations and poses cybersecurity risks. 

The main issue regarding these apps, highlighted the report, is that they often have often have permissions allowing access to the other information stored on the phone, such as contact lists, photos and GPS data. 

Other apps also explicitly had malicious features that were known about, or contained potentially inappropriate content, such as that related to video streaming and gambling. 

More worrying was perhaps the lack of oversight cited in the report, commenting that the DoD did not manage device use effectively, nor did it warn employees of the potential dangers of misusing work devices. 

"DoD personnel may inadvertently lose or intentionally delete important DoD communications on unmanaged messaging applications. Additionally, mobile applications that are misused by DoD personnel or are compromised by malicious actors can expose DoD information or introduce malware to DoD systems."

Read more

> US government agencies are falling victim to some very obvious attacks

> US government launches Bureau of Cyberspace and Digital Policy

> The US government is building an AI sandbox to tackle cybercrime

The report's recommendations going forward was to forward messages from unsanctioned to sanctioned messaging apps and delete them, and that access to public app stores should not be granted "without a justifiable need."

It also advised that a list of approved apps for official business be written, and that policies be updated relating to phone and app usage, as well training "on the responsible and effective use of mobile devices and applications" be given.

This is certainly not the first time the DoD has been reprimanded for its lax attitude to wards cybersecurity. In 2021, the former director of the department's Defense Digital Service wing had sanctioned the use of "an unmanaged mobile application for official DoD business, in violation of DoD electronic messaging and records retention policies."

Also, more recently, another audit, this time of the US Department of the Interior, found that password practices were pretty woeful, with many able to be cracked fairly easily with standard hacking methods.



Comments

Post a Comment

Popular posts from this blog

Windows Copilot leak suggests deeper assimilation with Windows 11 features

Key Windows 11 features may soon be customizable as Microsoft further integrates its Windows Copilot AI assistant into the operating system. This tidbit comes from tech news site Windows Latest , which claims to have discovered new .json (JavaScript Object Notation) files within recent preview builds of Windows 11. These files apparently hint at future upgrades for the desktop AI assistant. For example, a “TaskManagerService-ai-plugin.json” was found which is supposedly a “plugin for Task Manager integration”. If this ever comes out, it could give users the ability to “monitor or close running apps using” Copilot. In total, six are currently tested and they affect various aspects of Windows 11. Next, there is an “AccessbilityTools-ai-plugin.json” that gives Copilot a way to “control accessibility [tools]. This would make it "easier for those with [a] disability to navigate through the system.” Third is “ai-plugin-WindowsSettings.json” for controlling important Windows 11 set...
Post a Comment
Read more

Google Chrome releases security fix for this major flaw, so update now

Google says it has fixed a high-severity flaw in its Chrome browser which is currently being exploited by threat actors in the wild.  In a security advisory , the company described the flaw being abused and urged the users to apply the fix immediately.  "Google is aware that an exploit for CVE-2023-2033 exists in the wild," the advisory reads. Automatic updates The zero-day in question is a confusion weakness vulnerability in the Chrome V8 JavaScript engine, the company said. Usually, this type of flaw can be used to crash the browser, but in this case it can also be used to run arbitrary code on compromised endpoints.  The flaw was discovered by Clement Lecigne from the Google Threat Analysis Group (TAG). Usually, TAG works on finding flaws abused by nation-states, or state-sponsored threat actors. There is no word on who the threat actors abusing this flaw are, though. Read more > Patch Google Chrome now to fix this emergency security flaw > Emergency...
Post a Comment
Read more

Samsung's ViewFinity S9 may be the monitor creatives have been searching for

Originally revealed during CES 2023 , Samsung has finally launched its ViewFinity S9 5K monitor after nine long months of waiting.  According to the announcement, the ViewFinity S9 is the company’s first-ever 5K resolution (5,120 x 2880 pixels) IPS display aimed primarily at creatives. IPS stands for in-plane switching , a form of LED tech offering some of the best color output and viewing angles on the market. This quality is highlighted by the fact that the 27-inch screen supports 99 percent of the DCI-P3 color gamut plus delivers 600 nits of brightness.  Altogether, these deliver great picture quality made vibrant by saturated colors and dark shadows. The cherry on top for the ViewFinity S9 is a Matte Display coating to “drastically [reduce] light reflections.”  As a direct rival to the Apple Studio Display , the monitor is an alternative for creative professionals looking for options. It appears Samsung has done its homework as the ViewFinity S9 addresses some of...
Post a Comment
Read more