Apps Used in Combat by U.S. Troops Were Vulnerable to Cyber Attacks

December 19, 2018

OSC today sent a letter to the President and to Congress alerting them that two software applications widely used in military operations have  significant uncorrected cybersecurity vulnerabilities.

The U.S. Office of Special Counsel (OSC) today sent a letter to the President and to Congress alerting them that two software applications widely used in military operations have significant uncorrected cybersecurity vulnerabilities. A whistleblower notified OSC of security weaknesses in two commonly used apps known as KILSWITCH/APASS asserting that the Navy failed to control the distribution of the unauthorized software to U.S. military personnel who used it in combat. An investigation by the Navy fully substantiated the whistleblower’s allegations.

“When Navy leadership was made aware of software vulnerabilities, it failed to take sufficient action to warn U.S. military personnel or to safeguard sensitive data,” said Special Counsel Henry J. Kerner. “Thanks to a brave whistleblower who spoke up, the Navy is now taking the cyber threat posed by these apps seriously and ensuring security measures are in place.”

The investigation found that KILSWITCH/APASS has been broadly used in military operations and has significant cybersecurity vulnerabilities that have not been effectively mitigated. The investigation also found that Navy software developers provided inaccurate, incomplete, and misleading information to operational units in advocating for the distribution and adoption of this insecure software.

In response, the Navy has issued directions mandating that the software only be utilized with proper security measures in place.