Offices within the Biden-era Department of Homeland Security did not effectively secure their employees’ mobile devices, leading to a higher risk of cyberattacks and unauthorized access to sensitive information, according to a new report from the department’s internal watchdog.
Read more Transgender showdown looms at Daughters of the American Revolution’s annual meeting
Appropriate mobile device security settings were not used, and both custom-developed mobile apps that contained vulnerabilities and high-risk apps were downloaded. This could enable a hacker to compromise DHS systems or access unauthorized or sensitive data, according to the report published Monday.
The two offices include the Office of Intelligence and Analysis, responsible for delivering intelligence to its state, local, territorial, tribal and private-sector partners, and the Office of the Chief Information Officer, which provides DHS with IT services such as managing mobile devices.
The Office of the Inspector General report identified security risks found in smartphones and tablets that intelligence staff used during the Biden administration in 2023 and 2024.
Apps on the intelligence office staff’s mobile devices that either posed security risks, were outright prohibited or allowed banned activities made up 76% of apps installed. Such apps included third-party VPNs, private messaging apps, video streamers and game apps.
Additionally, 27% of mobile devices and 44% of mobile device management system security settings did not comply with DHS requirements.
This exposed devices to cybersecurity risks, including unauthorized access and data breaches, the report said.
These deficiencies occurred in part because the intelligence office did not address known vulnerabilities in mobile apps, while the Chief Information Officer’s office did not establish or enforce security policies for mobile devices and supporting infrastructure.
What’s more, neither office ensured that intelligence office devices were authorized and protected for use outside of the U.S., increasing the risk of exploitation by foreign adversaries, according to the report.
Read more Food stamp overpayment rate was 9% last year
“If compromised, a mobile device’s camera, microphone, Global Positioning System, functions, and other sensors could be used to eavesdrop on the user, and the mobile device could be used to steal information or attack DHS systems,” the report reads.
Two apps also developed by the intelligence office and used to share intelligence with law enforcement and first responders had three known vulnerabilities, but were not remediated.
These apps were downloaded over 375,000 times across public app stores as of last December.
A federal mobile app vetting service identified vulnerabilities as early as 2022. Despite knowing about such issues, the intelligence office did not remedy them, exposing users to potential exploitation.
DHS agreed with all of the inspector general’s recommendations and told the watchdog it planned to resolve all the issues that have not been addressed yet by January 2027.
A department spokesperson said the security risks occurred under President Biden.
“DHS has worked diligently to fix the vulnerabilities Democrats created so that we can securely do our jobs in keeping Americans safe and secure in the homeland,” the spokesperson said in a statement.
Read more Socialists draft an aggressive new agenda for the Democratic Party
About the Author
