Troops who bring their personal tablets and smartphones into combat are at risk of being hacked by hostile actors, cybersecurity experts warn.
For years, U.S. special operators and other troops have used advanced war-fighting mapping applications – known as KILSWITCH and APASS – to facilitate communication between ground and air personnel. But an internal Navy Inspector General investigation determined earlier this year that these apps have vulnerabilities that aren’t being acknowledged, the Washington Free Beacon reported.
KILSWITCH stands for Kinetic Integrated Low-Cost Software Integrated Tactical Combat Handheld. APASS stands for the Android Precision Assault Strike.
In late June, the Marines issued a statement advising commanders to only use the apps on military-issued devices rather than commercially purchased devices – which are far more vulnerable to hacking and malware.
To be sure, no devices are completely free of risk. But exposure to vulnerability increases “exponentially” when troops use personal tablets and smartphones, said Dr. Herb Lin, a cybersecurity expert at Stanford University, cited by the Free Beacon. “Those are not hardened [devices], and the military-issued Android devices should be hardened and more secure.”
KILSWITCH and APASS are available for download through the military’s National Geospatial-Intelligence Agency’s “GEOINT App Store.” But many service members were downloading those apps to their personal phones for convenience, said Tom McCuin, a retired public affairs officer for the Army Reserves, in an online essay.
“After all, in a connected age, no soldier or Marine goes to the field without his or her personal electronic device (or devices). It’s so pervasive that I’ve heard soldiers joke about in their PACE plans,” McCuin said.
David Foster, a former Marine Corps pilot, has urged the Navy and all service branches to crack down on using the apps on personal devices, a problem he compared to going into a “cyber vector malaria swamp with all these little surface cuts.”
Still, the warning has failed to resonate.
“I don’t think people know it’s making them vulnerable,” one special operator told the Free Beacon. “It’s not something that is being said widespread, the word hasn’t gotten out, and if it has, it’s not something people are talking a lot about.”
Critics of KILSWITCH and APASS say the geospatial app Android Tactical Assault Kit (ATAK) is a more effective and rigorously tested alternative. According to the Free Beacon, ATAK is the preferred program for the U.S. Special Operations Command (SOCOM).
The revelations coincide this week with that charging of two Chinese nationals who allegedly compromised more than 40 computers in order to steal confidential data from the U.S. Navy, “including the personally identifiable information of more than 100,000 Navy personnel,” said U.S. Attorney Geoffrey S. Berman in a statement.