Two Android Apps Used In Combat By US Troops Contained Severe Vulnerabilities

According to a Navy Inspector General report, U.S. military troops used two Android apps that contained severe vulnerabilities in live combat scenarios. "The two apps are named KILSWITCH (Kinetic Integrated Low-Cost Software Integrated Tactical Combat Handheld) and APASS (Android Precision Assault Strike Suite)," reports ZDNet. From the report: Both apps work by showing satellite imagery of surroundings, including objectives, mission goals, nearby enemy and friendly forces. The two apps work as a modern-day replacement for radios and paper maps and allow troops to use a real-time messaging client to coordinate with other military branches, and even call in air-strike support with a few simple screen taps, according to a DARPA press release and accompanying YouTube video. The apps have been under development since 2012 and starting 2015, they have been made generally available to all U.S. troops via a public app store managed by the National Geospatial-Intelligence Agency. But according to a Navy Inspector General report from March that was made public today, both apps contained vulnerabilities that could have allowed enemy forces access to troops' information.

The heavily redacted report doesn't detail the nature of the two vulnerabilities, but it does point out that the Navy had failed to control the distribution of these two applications, and later failed to act in warning troops of the danger they were in for almost a year. The report says that the two apps, KILSWITCH and APASS, were never meant or approved to be deployed in live combat zones. But the two apps, because of their flashy features and easier to use interface, became wildly popular among U.S. troops, but also other military branches, including foreign allied forces.

All good

We got our best people on it and similar apps in case they donâ(TM)t work

Somethung you never hear from an app developer

ANDROID + 3rd party apps in COMBAT

This after the fitbit / apple watch debacles mapping bases, IN COMBAT, they're bringing ANDROID along with unknown opsec 3rd party shit. Trump is right, Russia wins, let's all go home. WHAT THE ACTUAL FUCK.

Re:ANDROID + 3rd party apps in COMBAT

Really! That is so incompetent, it has to be intentional! That's some fucked up shit! We are so doomed!

Re:ANDROID + 3rd party apps in COMBAT

It's fake news. For one, you don't take security hazards like an Android into battle and two, you don't ADVERTISE it's flaws to your adversaries on the news if they were real. Some poor SOB's in a tent are gonna be trying to download these apps to hack, and WHAM, a MOAB drops on them out of nowhere.

Things are not what they seem under the fog of war.

Call in airstrike?

An app in a public app store that you can use to call in an airstrike? Seems like a delightful change of pace from the usual fart apps that are so common.

Re:Call in airstrike?

[Joe_Dragon]

Coming soon to the call in list.
Fighter Combat
Guerrilla Engagement
Desert Warfare
Air-To-Ground Actions
Theaterwide Tactical Warfare
Theaterwide Biotoxic And Chemical Warfare
Global Thermonuclear War

Mind Boggling Idiocy

[rtb61]

What they really failed to cover was the ramifications of a hack, firing on friendly forces, would have been the result. Do no put idiot failed jock strap douche bags in charge of computer equipment, catastrophic failure is guaranteed but I know, the problem, really smart people have no interest in running around killing people.

Re:Mind Boggling Idiocy

[WolfgangVL]

For every 10 triggerpuller "Failed jock-strap douche bags" as you put it, there is a literal army of support personnel. An infantryman is not fooling around with tech like this, that's commos job, and the reason their not all dead is in part because commo don't fuck around with toys like this.

As a commo guy who has deployed to Afghanistan during OEF, I can tell you... The toys are all compromised. Every piece of tech not deemed mission critical is 100% owned by all of the pirated entertainment that gets shuffled around in theater. Every soldier on an outpost has a laptop with enough pirated holywood content on it to shame even the most unabashed pirate back home. It's all traded like baseball cards, and run on any damn thing with a screen that can be found.

Cam rips are "publicly" screened in the USO lounge in Khandahar. There are some real tools that get real field usage, but your not going to read about them on slashdot.

I was given the chance to"Demo" a lot of this kind of toy. At the end of the day they all have the same problem. Reliability. Real fighting men don't use these stupid toys for the same reason they take the scope off their rifle when qualifying with it. They can't be trusted when it counts.

Also, fuck you, you whimpy little bitch. The failed jockstrap douche eating dirt on the other side of the planet is why your ass is still speaking english.

Re:Mind Boggling Idiocy

Draft is the solution for some other countries to educate the conscripts from all facets of the society together in the art of killing and so expanding the understanding of the future developers of software and engineers of systems for such purposes, and the mental and physical limitations and possibilities of their fellow service people and themselves. Potentially increased solidarity in the society over the shared suffering is another positive result.

Screen taps for an air-strike sounds like a recipe for friendly fire and civilian casualties. This whole thing shows that armies should have proper red teams in their ranks to test continuously their systems at the field and during training.

Re:Mind Boggling Idiocy

You never served bitch. This isn't an infantry mission either. You can eat the jockstrap now, faggot, I'll allow it. Begin.

Re:Mind Boggling Idiocy

[AHuxley]

Should the troops not get their entertainment they get distracted. They start to miss home.
The esprit de corps becomes a need for entertainment and how to share entertainment.
US mil networks and computers are then used to "attempt" to copy any new entertainment.
With their own unlimited entertainment that need to be distracted to look for entertainment is reduced.
People feel more happy in the US mil and might even stay longer in the US mil as they have their own entertainment when not on duty.

Bad things happen when a lack of entertainment and lifestyle problems start in mil a camp/fort/base/port.
Should the US mil go back to a total ban on all entertainment? The only mission ready tech that is fully NSA and GCHQ passed and approved?
Back to mil/gov approved movies, books and magazines?
The troops start to look for anyone with entertainment outside the camp/fort/base/port.
People who can go off base to get new and more entertainment become the centre of attention. That breaks rank and unit cohesion as the person who has the new "entertainment" gets to become friends with a lot of people.
Fraud and corruption sets in. MP and CID undercover work has to start again as "entertainment" products become something of value to people who cant often get new and more "entertainment".

The US mil solution to this is to allow "entertainment" to all as it keeps its troops from wondering around outside away from base meeting spies and criminals with endless "entertainment" for sale.
Conversations start, lifestyles and US base gossip spreads. Enemy spies gather a lot from every meeting with US troops seeking more entertainment and a conversation.
US mil equipment can be swapped/sold for "entertainment" too. Good prices, good trade.
Romeo spy networks that offer "entertainment" rather than friendship start around every base.
Once the lifestyles and interests of the entire US mil command structure is understood, enemy spies start to have other conversations.

Re: Mind Boggling Idiocy

Why not just pay Hollywood fifty dollars per movie per soldier and riaa five dollars per single per soldier. Per play, obviously.
Is it because the copyright industry has abused copyright in pricing their goods? Why not scale it back then instead of letting special people ignore the law?

Re:Mind Boggling Idiocy

What's a "commo"? Without a definition of this new, unusual, unique and non-self-explanatory term, the majority of people, like myself, will not understand your rant at all.

Re:Mind Boggling Idiocy

[JaredOfEuropa]

Why would they even allow these apps on equipment that is also used to watch pirated entertainment? This sort of equipment should be locked down, with stuff like Bluetooth (and sometimes WiFi) physically disabled, USB ports locked, and connectivity restricted to the tactical network or whatever. You’ll have a hard time getting compromised apps on these terminals to exploit that weakness, let alone getting your apps to phone home. And that’s nothing new, rules for equipment running stuff at a certain level of classification already exist. If someone decided to distribute this app, which displays objectives, troop positions, fire missions etc. to every soldier on BYOD devices or open military issued ones, then someone “done messed up but good.”

As for soldiers using them, you’re only partly right. They will use these toys if they are deemed useful (the article suggests that this is the case). However if something gets in the way, the software doesn’t work, the network is down or there is a hardware issue, they will drop them in a heartbeat and fall back on other tools. Its not an aversion to high tech (on the contrary, they are just as eager to try new things as the rest of us are). Rather, it’s a low tolerance for defects. In the field, one does not have the time to fiddle around with iffy equipment.

Re:Mind Boggling Idiocy

[drinkypoo]

The failed jockstrap douche eating dirt on the other side of the planet is why your ass is still speaking english.

It really isn't. That douche's primary job is to spread American imperialism and keep the world safe for Big Oil. It's the politicians, shockingly, that keep us out of war.

Re:Mind Boggling Idiocy

Armchair soldiers get really salty when they're called out, don't they? Don't you have some valour to be stealing rather than posting diatribes on Slashdot?

Re: Mind Boggling Idiocy

[Nidi62]

A friend of mine who served in Iraq said you could get ripped DVDs for a couple dollars each off base. 1 out of 4 might not work, but for a couple bucks who cares. These were sold by the locals. You could also buy guns if you really wanted to....

Re:Mind Boggling Idiocy

COMMunincations Officer most likely.

(alternatively COMmunist hoMOsexual but I kind of doubt GP would admit being called that one)

Re:Mind Boggling Idiocy

[swillden]

The failed jockstrap douche eating dirt on the other side of the planet is why your ass is still speaking English.

I support the troops. In fact I did eight years in the reserve myself, including getting orders to Kuwait during Desert Storm (though my unit and I didn't actually go; that's a weird story), and many members of my family serve and have served in active duty, guard and reserve roles, including in active combat theaters. On Memorial Day we raise full-sized, period-appropriate flags over the graves of all of my ancestors who were veterans, and there are a lot of them.

So I'm not disrespecting the military when I say that the quoted statement above is dead wrong.

There has been no serious threat of invasion of the sort that would result in a change of government and change of culture and language in the United States' entire history. Even in WWII there was no serious threat of invasion of the mainland. I suppose if the Axis had succeeded in taking the rest of the world they might have eventually decided to try a strike across the pond, but it would have been tough (less because of the bravery of the American soldier than the productivity of the American worker, but both would have been relevant -- as would the "rifle behind every blade of grass" as the apocryphal quote says). During the Cold War there was some risk of nuclear destruction of the US mainland, but not invasion.

For the vast majority of US history, US military power has all been about projecting power around the world, not defending the homeland. Yes, this has had benefits to people back home, but the benefits have been primarily economic. By encouraging the growth of liberal democracy around the world and an associated atmosphere of international openness, free trade and mutual support, we've made a better world for ourselves and most of the rest of the world. We've all gotten wealthier, happier, safer.

But there have been no threats to our choice of language or culture or form of government. Or our freedom. When people say that soldiers "defend our freedom", they're factually wrong. American soldiers often do defend other peoples' freedom, and always defend our national interests, including economic interests (and, BTW, defending our economic interest is a Good Thing, leftist whining notwithstanding). There's plenty to be lauded in the truth; no reason to make up lies.

No, the only threats to our freedom have been purely domestic. And we can largely thank activists and lawyers for the battles we've won there, not soldiers. And there have been no threats to our choice of spoken language at all. No, not even from immigrants.

Re:Mind Boggling Idiocy

[swillden]

For the vast majority of US history, US military power has all been about projecting power around the world

Hmm. I got a little overenthusiastic here. The US has only been projecting power around the world, really, since the late 19th and early 20th century. At this point that does constitute a majority of the years of the nation's existence, but not a "vast" majority.

Re: Mind Boggling Idiocy

[AHuxley]

The GCHQ had huge problems with this in the 1950-60's.
Low wages and poor working conditions made any person/conversation off base seem a wonderful escape at the end of a long day.
Soviet spies filled the local area as new local "friends".

The fix was to improve condition on base.
Better wages.
To ensure skilled workers on base did not have lifestyle issues before getting trusted to work globally.
It took years and a lot of study to learn why spies could start friendships with staff who got told not to trust anyone.
Another factor was Irish supporters efforts to buy direct from US base staff in the 1970-80's.
A lot of US mil equipment move off base back the Ireland/UK. The Uk had to work very hard in the USA to stop such transferees of US mil equipment.

Huh?

[Brett+Buck]

Who the hell uses cell phone gadget programs (apps) in a life-critical situation? And why are troops in combat carrying cell phones at all? Both are ridiculous security risks, cell phones shouldn't be allowed to be carried at all.

Re:Huh?

Troops have carried cellphones for years, gramps.

Re: Huh?

The more sensitive troops use them to record poetry slams

Re:Huh?

[WolfgangVL]

When I was deployed, a couple of idiot marines used personal cell phones to record themselves degrading prisoners by pissing on them and shit. Fkn stupids posted it to the net. I'm sure you can find it you care to wade through all of that hot garbage.

Personal cellphones possession became and instant article-15 the very next day. At least in my unit.

A few months prior to that, an infantryman butt-dialed his mother during a firefight and left an exciting voicemail. It made the American media and everything.... and nothing happened at all. I bet you can dig that one up as well.

Just goes to show- Your not allowed to hate the enemy, but your expected to hate your life.

Re:Huh?

[AHuxley]

From the user end?
The average IQ of the new troops is at that level that they can only understand the "apps" and GUI they have used for years.
One device lets US troops enjoy images, music and video clips too. Less battery packs and different tech to carry around.
The amount of weight US troops have to carry is getting too much given new politically correct relaxed fitness levels.
The new troops cant carry much so wight is saved by using one consumer GUI to do a lot more.
Teaching a new US mil only GUI was not working so the US mil went back to something everyone could use?
Todays version of the Project 100,000 troops https://en.wikipedia.org/wiki/... only like a GUI they have been using for years.
That would be the very best guess.

From the code creation side?
The US mil wanted an easy to use GUI and then went back over what code existed and this is the result. Low cost code use that's easy to "teach" at a set IQ level in a few weeks.

The GCHQ, NSA, CIA, MI6 idea?
Let see who takes the "bait" and attempts to use the software to find US troops in real time. SAS, US special forces clean up globally using cyber bait..
The FBI waits to see who looks at the apps inside the USA and then starts asking questions, doing searches.

The weight is getting too much for US troops so its time to consider the use of one "tech" in many ways.
The US mil is using a lot of cell phone tech globally and having too many battery packs. Heavy secure crypto devices are getting to be too heavy with all the new weapons, food, water, lots of different batteries, body armour.
A GUI on one device that can do mil and consumer networks saves weight and battery packs.
When lost, found, sold, given away by US troops the enemy gets nothing new/unique/interesting.

Re:Huh?

I'm just glad they learned their lesson and aren't using any other Android programs in combat situations.

Re:Huh?

When I was deployed, a couple of idiot marines used personal cell phones to record themselves degrading prisoners by pissing on them and shit. Fkn stupids posted it to the net. I'm sure you can find it you care to wade through all of that hot garbage.

Which do you consider stupid, the torture or the posting of the footage?

Why would anyone want to wade through hot garbage to see it? Do Americans consider this quality entertainment now?

Airstrikes for car dealers & payday lenders?

[raymorris]

"call in air-strike support with a few simple screen taps" ...
"The two apps, KILSWITCH and APASS, were never meant or approved to be deployed in combat zones."

So it has an "airstrike" button, but it was never meant to be used in war zones. Where, exactly was it meant to be used? I suppose it would be useful for handling used car dealers and pay day lenders?

One is called ...

[PPH]

... Angry Kurds.

Re:One is called ...

Be-jewed is quite popular too.

Re:One is called ...

Yo bitch, Trump just turned his back on all US allies at once and gave Putin massive presents. You traitors will hang soon, don't worry. Enjoy your joke at our ally's expense as we abandon them I guess, faggot traitor apologists.

Re:One is called ...

[bn-7bc]

Thei might, or they might not, but the same *or allmost same) copy/pastre comment in every discussion here does nothing but annoy people, so may I ask: what is the purpose of these posts?

Re:One is called ...

To remind everyone that Nixon never saw a day of jail. Nor did Ronald Reagan. Nor did Hillary Clinton. And Obama drone-killed a US citizen without due process. America gon' be America.

Re:Airstrikes for car dealers & payday lenders

So it has an "airstrike" button, but it was never meant to be used in war zones. Where, exactly was it meant to be used?

Probably the schools. No wait, they're war zones too. How 'bout gay night clubs in Miami? Nope... I know! The churches... Oh damn!... A trailer park?... Suburbia.. Fuck! Every place is a war zone! Does Android do nukes?

Android?

It's Android, it literally a surveillance engine for Google, the core OS components are spyware, what they failed to cover is if Google sells the data the way the Facebook app sells the data.

Every country in the world, knows what troops are where, their families, their kids, their special training, their CV, phone numbers of their friends and families, restaurants they've eaten at,.... the lot. All would be for sale.

Now that Mattis has resigned, perhaps we can learn the real deal behind Putin's attack on US troops. Since the bigger issue with security is when the chain of command itself is compromised.

https://www.bloomberg.com/opinion/articles/2018-02-16/russia-attacked-u-s-troops-in-syria

I'm guessing it went something like: Putin attacks US troops, Putin and Trump blame ISIS, Trump pulls troops out of Syria, Putin gets Syria on a plate. Presumably that was the game there. But US didn't suffer any casualties as hoped, so Trump didn't get his cover story.

Re:Android?

You are retarded.

Re:Android?

[johnsie]

He's actually not. If you have an Android device I highly recommend paying a visit to https://myactivity.google.com/ Putin is the strongest leader in the world right now, because they dominate in cyber warfare and he's a baddass. Trump is nothing more than a glorified reality tv star and a lardass.

Android is trash

what else is new?

Dual use network?

[AHuxley]

The NSA and GCHQ did not say this would be a bad idea as bad people use the "internet" looking for anything US "mil"?
Want a new network for the US mil, build your own encrypted and secret network.
Let the spies use the "internet".
Don't let other nations spies and criminals find anything about your mil on the "internet".

track me not

[AndyKron]

They get their software from a public app store? Do they get targeted ads during combat?

Re:track me not

They get their software from a public app store? Do they get targeted ads during combat?

I see what you did there...

great, so the war should be over by 2039

now that this problem is sorted out, im sure theres nothing between us and certain victory

Doesn't matter if 'enemy' is 3rd world country

Doesn't really matter if the US invading troops are basically running roughshod over a poorly armed adversary in the 3rd world countries that it attacks. There's no one there wasting their energy dicking around with cyber attacks on iPhone and Android Apps that a bunch of trigger happy combat 'vets' may or may not be using in between their turkey shoots on the local population.

Not surprising

You shouldn't trust Android. Or anything Linux based. This sort of thing is bound to happen with Linux devices.

Re:Airstrikes for car dealers & payday lenders

[Dunbal]

Yemen. Other people's war zones don't count.

is it really a problem?

Details are lacking, but I feel sure they are talking about Android devices being used on the secure military network, not on the public internet. If the secure battlefield network is penetrated, you're likely hosed anyway.

Those names

Seems like the developers spent far more time coming up with cute acronyms for the app name than they did applying any military spec validation process. What was the DoD thinking signing off on these?

Re:Airstrikes for car dealers & payday lenders

[johnsie]

Yemen is just Semen spelled wrong.

Encrypt the end-to-end communications channel

[najajomo]

The solution being to encrypt the end-to-end communications channel.

Re:Encrypt the end-to-end communications channel

If they're accessing military satellite data, this isn't on the internet. It's on the very secure military secret network used for battlefield operations. So, yeh, solved.

DDD Disinformation Decoy and Deception

The Vietnamese DID manage to pretend to be American enough to call in strikes on Americans. How easy would it be to change the color of the bad guys and have shelling blow each other up. Dead easy. Android is security vomit, and will never be safe. It would also be lethal to assume Apple iphone apps are OK in the field.
As an aside, how much stray RF eminates from a cheap Android device - enough to rain down shells by DF?

Re:Airstrikes for car dealers & payday lenders

Training exercises.

Re:Airstrikes for car dealers & payday lenders

War games.

They almost certainly meant that it had been approved for use in exercises and war games in order to evaluate it with the intent of determining whether it would be approved for use in combat, but had not yet approved it's use in combat situations likely in fear of problems like this exact vulnerability.