Cybersecurity Flaws in Mapping Applications
This post is also available in: 
עברית (Hebrew)
U.S. special operators and other troops have been using advanced war-fighting applications for hand-held devices that contain software weaknesses that render them vulnerable to hacking by hostile actors. The mapping applications KILSWITCH and APASS are widely disseminated and used in training and combat among special operators and other forces across the military for several years. The apps are used to accelerate precision targeting and facilitate situational awareness and data-sharing between ground forces and overhead aircraft.
KILSWITCH is an acronym that stands for Kinetic Integrated Low-cost Software Integrated Tactical Combat Handheld. APASS stands for the Android Precision Assault Strike Suite. The apps provide satellite views of a warfighter’s surroundings similar to Google Maps that help pinpoint locations. They also enable forces to talk to each other and share updates in real time like instant messages to provide better situational awareness.
A non-public U.S. Navy Inspector General investigation findings were cited in a Marine Corps force-wide message that warns commanders and officers in charge of cybersecurity for their units to ensure that the applications are only used in a manner consistent with explicit guidelines. Using the apps in an unauthorized way “could present a significant vulnerability in compromising Marine Corps data,” the message states.
The mapping apps with the cybersecurity weaknesses, which were developed by civilian software engineers working for the U.S. Navy, have spread to U.S. allies who are also widely using them, according to several special operators and service members who requested anonymity out of fear of reprisal.
Freebeacon.com cites an 2015 a DoD publication on KILSWITCH and APASS which states that the programs are intended for use on secure, DOD-issued Android devices that are “wirelessly connected through an encrypted internal Wi-Fi network.”
The hacking weaknesses may derive from the widespread downloading of both programs by soldiers onto personal, unencrypted devices because of their ready availability and the apparent indifference or tacit approval of many military commanders to the practice.
