The U.S. Department of Homeland Security (DHS) on Monday revealed it was instrumental in helping to identify a wide range of security flaws, which were discovered in dozens of potentially life saving “first-responder” apps available for download on the iOS and Google Play app stores.
According to DHS’ official press release, the agency’s Science and Technology Directorate indicated that the flaws were discovered in 32 of the 33 most popular first-responder apps surveyed.
“The pilot-testing project discovered potential security and privacy concerns — such as access to the device camera, contacts or Short Message Service messages — in 32 of 33 popular apps that were tested,” DHS said in its official press release announcing the findings.
The agency went on to add that of the 33 apps tested, 18 were deemed to have “critical flaws,” such as unchangeable certificate credentials or vulnerability to attacks over Wi-Fi.
The findings were conveyed in DHS recent report, titled “Securing Mobile Applications for First-Responders,” which was a collaborative research effort between DHS, The Association of Public-Safety, and mobile security firm, Kryptowire.
The study, DHS says, was conducted in part to acknowledge the importance of these apps — and how, in cases of emergency, first responders such as paramedics and police often rely on them to “share information and help save lives.” DHS says it was crucial, therefore, to ensure these apps are safe from vulnerabilities; and “As more apps are adopted for public-safety missions,” it’s critical that an “ongoing app-evaluation process with incentives for developer participation” be formulated and adopted to “ensure current and new mobile apps are free of vulnerabilities,” added DHS’ Director of Science and Technology, John Merrill.
Since the findings went public Monday morning, CNET reports that approximately 10 developers — who’re collectively responsible for 14 of the 32 flawed apps — have provided updates to patch their respective issues.
from iDrop News http://ift.tt/2z5kQ6z
via IFTTT
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.