The Ministry of defense could not effectively develop secure mobile apps “taking into account the security requirements.” This is stated in the new ticket for the research Agency defense information systems, the text of which read RT. In this regard, the Pentagon plans to create tools for software development for their employees. Meanwhile, the Russian experts noted that this project does not solve the problem of the unreliability of mobile applications, however, can help the agencies of the Pentagon to explain where to spend the allocated budget money.
The Pentagon plans to work on creating secure mobile applications. This is stated in the new ticket for the research Agency defense information systems. Thus, the Agency intends to accelerate the process of software development (SOFTWARE) by creating a special development environment.
It is also noted that at the moment the Pentagon has no tools for creating secure software for their needs.
“The U.S. Department of defense currently has no effective way of development approved applications for the mobile environment, the Ministry of defense with the requirements of the security development process”, — the document says.
The document stated that the main objective of the project — preparation of “prototype development environment software based on web technologies to create secure mobile applications”, which would be compatible with the mechanism of providing mobile access to unclassified data from the Ministry of defense (DMUC).
The final product must be “minimally” include the environment of developing applications for Apple iOS and Android. However, she must also have tools to automatically check the created programs for compliance with information security requirements who demand the NSA and the Pentagon.
However, access to this environment should be from anywhere in the world and all the software developers received permission for the creation of applications for the U.S. military.
Users of mobile devices of the Ministry of defence “must have secure access to tools and services that they are accustomed to working on their desktops and laptops,” States the application.
An attempt to answer threats
In some cases, employees of the military Department, using a mobile application, to disclose or risk losing not only their personal data but also strategically important for the state information. This was in conversation with RT told the Colonel of Federal Agency for government communications and information (FAPSI), a retired expert in online exploration, Andrey Masalovich.
“Any app, even checked — still a spy. That is a big part of the application monitors the location, microphone, camera. For military in many cases it is critical, accordingly, it is necessary to control what data is collected and transmitted to the outside,” — said the expert.
In particular, according to him, the devices used by the military should be blocked should reference as it can give the location of the soldier.
Recall that last year, military analysts have discovered that a special feature fitness apps, which gives users the ability to record the routes of your runs and mark them on the map reveals the location and layout of military bases, which train soldiers.
“Stravа released its global heat map. 13 trillion GPS points that are recorded by their users (the data transmission function can be disabled). Looks very nice, but for operational security is not the best option. US military bases are clearly visible and easily identifiable,” — wrote in his Twitter Australian military analyst Nathan Ruser from the organization IUC Analysts.
An expert in the field of cybersecurity Alexey Lukatsky, in turn, noted that the development of special applications that meet all safety standards, does not solve the problem of the unreliability of mobile devices. According to Lukachko, at the moment the us military is actively using on their phones not specialized operating systems and large programs, and public platforms and applications.
“Given that the United States is quite active on their mobile devices do not use specialized operating systems, and widespread, for example Apple iOS, the question arises: how to protect those applications, which will be produced on a shared operating system. While the Apple iOS is quite closed and Apple does not manufacture it out of their hands. Therefore, to design an app without understanding how secure is the mobile operating system is quite difficult,” — said the expert.
“It is necessary to account for the money”
Washington, as noted by Andrew Masalovich, annually allocates huge sums to various projects of the military departments, that is why the new requests for research are becoming more eloquent suggestions.
“In the military sphere eating a big budget. They need something to report, they’ll formulate some interesting phrases to explain where to now spend money,” — said the expert.
So, in August last year, the Office of advanced research projects of defense (DARPA) has allocated $44 million to develop a new anonymous mobile messenger, resistant to cracking.
“DARPA is looking for proposals for the implementation of innovative researches in the field of encryption and obfuscation of communications to create a mobile communications system that will provide anonymity, be resistant to attack and is fully functional within the network environment”, — the document says.
As noted in the materials of the tender, communication of the interlocutors within the application must be encrypted. In addition, one of the main requirements is the resistance to break-ins, even if the intruders had obtained access to one of the nodes of the system.
Read more •••