Do smart phones put warfighters in more danger?
Security weaknesses in commercial mobile devices must be addressed before DOD can make them widely available on the battlefield.
While the Army is leading the way for the Defense Department’s use of commercial smart phones, several security concerns remain unanswered, experts say.
One of the dangers is that compromised smart phones could be used to track soldiers’ movements or spy on meetings via the device’s cameras and microphones. Another risk might be proximity threats — the ability for hackers and other adversaries to remotely compromise a device.
Related coverage:
Army marches smart phones, apps to the battlefield
“It’s a pretty scary set of possibilities if you’re an adversary,” said Dmitri Alperovitch, vice president of threat research at McAfee.
Rising threats include rogue applications, dozens of which were recently found in Google’s app store, Alperovitch said. There are also Internet-based threats such as malware and malicious websites.
DOD security concerns center on the government’s limited ability to control unmodified commercial wireless devices. For example, Apple iPhones are a closed system of proprietary software and hardware that cannot be easily modified. Open-source Android-based platforms are somewhat easier to program, but the challenge is that all Android devices are already slightly modified to run on their particular platforms, he said.
Although the government has the option to build its own operating systems, that is expensive, time-consuming and incompatible with the Army’s goal of a flexible, market-based approach, Alperovitch said.
There are techniques that can mitigate outside threats to smart phones. Those include deploying and managing DOD- or government-owned and vetted application stores, using e-mail encryption, and building custom versions of the Android operating system and enforcing them across DOD. The government can also work with vendors such as Google and Apple from the beginning. Alperovitch noted that Google is working with the government to improve the security of its software applications for a number of projects.