You would think the nation’s military would move with lightning speed to patch cell phones vulnerable to hackers, particularly after recent disclosures thatChinese hackers harvested the personal information of 21.5 million U.S. government employees and Iran’s Revolutionary Guard broke into the Obama Administration’s social media accounts.
You would be wrong.
For nearly five months, military officials and officers have continued to use phones that can be attacked by the “Stagefright” bugs, a collection of flaws in the phones’ software code that gives attackers access to everything that flows through compromised devices. The bugs can expose those devices to hackers through a simple text message or a visit to the wrong web site.
We asked the various players in the supply chain that winds from phone makers, to Google to cell phone carriers to the Pentagon why the military’s devices were still vulnerable to the bugs. Not surprisingly, perhaps, everyone blamed someone other than themselves.
This much is clear. The problem arose because the military is now getting its cell phones from the same carriers and manufacturers that serve civilians. Several of them, including Verizon, AT&T, Sprint, and T-Mobile, have been slow to address the Stagefright vulnerabilities in the older model Android phones that are used by nearly 1,000 military officials and officers to discuss classified matters. While the federal government at large has a choice between those carriers, Verizon is the military’s carrier of choice within the United States.
Civilian customers simply upgrade their phones when a patch is released, but military users must wait until the Pentagon clears the fix.
In the fast-breaking world of hacking, such delays can be an eternity.
Since 2009, the nation’s military has been trying to protect its phone communications with a custom built, encrypted cell phone. The device took five years and $36 million to develop, but by the time it was ready for use, the carriers had upgraded to 4G networks with which it was incompatible. The phone was never widely used in any event; reportedly, it was so difficult to use, many officials left it on the shelf (PDF).