Watchdog Says DHS Intelligence Office Left Smartphones Vulnerable to Attacks
Smartphones used by DHS intelligence staff were left exposed to attack paths, while 76% of installed apps were banned and one app set had 375,000 downloads.
Smartphones inside the Department of Homeland Security’s intelligence arm were left exposed to cyberattacks, creating a direct national-security risk inside an office that handles sensitive government information and shares data across agencies and front-line partners. The department’s watchdog said the devices were not properly secured, warning that weak configuration, maintenance and use could open the door to phishing, malware, account compromise and unauthorized access to messages or documents.
The Department of Homeland Security Office of Inspector General said the Office of Intelligence and Analysis had not taken the security precautions needed for the material it handles. The report did not say a public breach had occurred, but it found the safeguards in place were not strong enough for an intelligence office where speed and convenience often matter. That weakness is especially dangerous on phones, which now sit at the center of field work, communications and data sharing.
The scale of the problem made the finding more troubling. Apps developed by the intelligence office were widely shared in public app stores with first responders and were downloaded 375,000 times. Another red flag was compliance: 76% of the apps installed on smartphones used by the intelligence office were outright banned. Taken together, those figures point to a broader breakdown in mobile-device discipline, not a narrow software glitch.
The latest warning also landed against a record of earlier failures. On Sept. 26, 2024, the watchdog said Immigration and Customs Enforcement did not always manage and secure mobile devices to prevent unauthorized access to sensitive information, and that the information on those devices may be more vulnerable to unauthorized access and cyberattacks. On Sept. 17, 2024, the inspector general issued report OIG-24-55, saying I&A needed to improve its security inspection program to reduce the risk of unauthorized access to classified information. In that case, the office concurred with both recommendations, but recommendation 1 remained open and unresolved while recommendation 2 was open and resolved.
The watchdog’s active project, titled Office of Intelligence and Analysis (I&A) Mobile Device Management and Security, is aimed at determining the extent to which I&A manages and secures its mobile devices. The report said copies would go to congressional committees with oversight and appropriations responsibility over DHS, setting up fresh scrutiny for Under Secretary Kenneth L. Wainstein and Inspector General Joseph V. Cuffari as lawmakers press for answers on what devices were affected, what rules were ignored and whether the weaknesses were fixed after fieldwork in 2023 and 2024.
Know something we missed? Have a correction or additional information?
Submit a Tip
