What’s lurking in federal mobile tech? Apps, devices could hold nasty surprises.
A discovery by Department of Homeland Security techs shows that federal agencies could get some nasty surprises as they prepare for a new reporting mandate assessing the security of their mobile devices and apps.
When security specialists from the DHS Science and Technology Directorate’s mobile security research and development team scanned the MyTSA mobile app, they found hard-coded credentials, program manager Vincent Sritapan said Thursday at the Red Hat Government Symposium presented by FedScoop. “What does this mean? This means … you are exposing the backend,” Sritapan said, referring to the fact that, in many applications, credentials erroneously hard-coded into the software can be a backdoor into the data that apps collect and to their cloud-based functionality.
The MyTSA app is designed to let airline passengers get crowdsourced or historical data about wait-times at airport security checkpoints. It includes a searchable database of items that can and can’t go in checked or carry-on bags. It’s unclear how much or what data was […]
The post What’s lurking in federal mobile tech? Apps, devices could hold nasty surprises. appeared first on Cyberscoop.