Security and Privacy
In a Sept. 29 letter, Sens. Chuck Grassley (R-Iowa) and Patrick Leahy (D-Vt.) urged DHS Secretary Jeh Johnson to "adopt a default warrant requirement, as DOJ did" for the use of cellphone duping technology, called stingrays.
With $2.2 million in Homeland Security Department funding, Boeing is partnering with a software company to develop a smartphone "brain chip" to verify that the phone's owner is who they say they are.
The malicious software, called XcodeGhost, infects an app developer's computer and then is incorporated into any app made, without their knowledge. It's a technique first demonstrated at the Central Intelligence Agency's annual top-secret Jamboree conference in 2012.
For instance, the ACLU pointed out that encrypted smartphone apps like Signal and WhatsApp are free and easily downloadable from major app stores, while Apple has built encrypted voice, video and text communications apps into its operating system.
Nearly one-third of respondents from a new survey by Dimensional Research and Dell said federal employees using workarounds are the greatest threat to information technology security in the government.
Stingrays or cell-site simulators are devices that impersonate cellphone towers to pinpoint a cellphone's location. While the department maintained that the technology is critical for certain investigations, the new "enhanced policy" marks a significant shift for the agency.
The department's Science and Technology Directorate said the awards will focus on four technical areas, including mobile device instrumentation, mobile security management tools, transactional security methods, and mobile device layer protection.
Kevin Bankston, director of New America's Open Technology Institute, called smartphone theft a "criminal epidemic," in which there were 3.1 million victims in 2013, nearly double from the prior year.
The federal government is dealing with the growing problem of "shadow BYOD" in which employees are using unsanctioned personal devices to connect to the network and access data.
The National Cybersecurity Center of Excellence is seeking vendor products and technical expertise on three projects that focus on mobile device security, personal identity verification credentials for such devices and access control.