Pentagon finds shocking and dangerous misuse of government smartphones
No measures in place to stop reckless use of official US government devices, report claims
The Pentagon has found that employees at the Department of Defense (DoD) are guilty of using their business smartphones in unauthorized ways, putting national security at risk.
A report from the Department of Defense Inspector General (DoDIG), the agency responsible for auditing the DoD, uncovered the use of unauthorized apps and services across workers' smartphones on a huge scale.
Moreover, there was little infrastructure or policies in place which allowed the DoD to control and manage the use of these devices, and users were not given adequate training on their acceptable and safe operation.
TechRadar Pro needs you!
We want to build a better website for our readers, and we need your help! You can do your bit by filling out our survey and telling us your opinions and views about the tech industry in 2023. It will only take a few minutes and all your answers will be anonymous and confidential. Thank you again for helping us make TechRadar Pro even better.
D. Athow, Managing Editor
Unauthorized apps
Unmanaged apps such as those related to shopping, gaming, VPNs and - bizarrely - "luxury yacht dealer applications" were installed on work phones, and unapproved messaging apps were being used for official communications, all of which contravenes DoD regulations and poses cybersecurity risks.
The main issue regarding these apps, highlighted the report, is that they often have often have permissions allowing access to the other information stored on the phone, such as contact lists, photos and GPS data.
Other apps also explicitly had malicious features that were known about, or contained potentially inappropriate content, such as that related to video streaming and gambling.
More worrying was perhaps the lack of oversight cited in the report, commenting that the DoD did not manage device use effectively, nor did it warn employees of the potential dangers of misusing work devices.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
"DoD personnel may inadvertently lose or intentionally delete important DoD communications on unmanaged messaging applications. Additionally, mobile applications that are misused by DoD personnel or are compromised by malicious actors can expose DoD information or introduce malware to DoD systems."
The report's recommendations going forward was to forward messages from unsanctioned to sanctioned messaging apps and delete them, and that access to public app stores should not be granted "without a justifiable need."
It also advised that a list of approved apps for official business be written, and that policies be updated relating to phone and app usage, as well training "on the responsible and effective use of mobile devices and applications" be given.
This is certainly not the first time the DoD has been reprimanded for its lax attitude to wards cybersecurity. In 2021, the former director of the department's Defense Digital Service wing had sanctioned the use of "an unmanaged mobile application for official DoD business, in violation of DoD electronic messaging and records retention policies."
Also, more recently, another audit, this time of the US Department of the Interior, found that password practices were pretty woeful, with many able to be cracked fairly easily with standard hacking methods.
- Keep your organization safe with the best endpoint protection
Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.