DHS Test Reveals Flaws in Emergency Responder Apps


A pilot test found cyber vulnerabilities or privacy issues in 32 out of 33 apps.

Government and industry testers found software vulnerabilities or privacy issues in 32 out of 33 mobile apps used by emergency responders in a pilot test, the Homeland Security Department revealed Monday.

More than half of those issues were “critical flaws,” such as basic failures to secure user information, according to Homeland Security’s science and technology division.

In some cases, the apps unnecessarily accessed the phones’ cameras, contacts and text messages causing privacy concerns.

The pilot program was organized by Homeland Security’s Advanced Research Project Agency and Science and Technology division, the Association of Public Safety Communications Officials and Kryptowire, a company that developed the app-vetting platform the testers used.

In most cases, the companies with vulnerable apps were able to patch those vulnerabilities in just about an hour, the organizations said.

“As more apps are adopted for public-safety missions, it is critical that a formal, ongoing app-evaluation process with incentives for developer participation be adopted,” John Merrill, Director of the Science and Technology Division’s First Responder Group Next Generation First Responder Apex program, said in a statement.