A recent probe by the Department of Homeland Security’s Office of the Inspector General has sparked pushback from U.S. Immigration and Customs Enforcement (ICE) over findings that the agency’s mobile device security practices may be putting government information at risk.
According to a report by The Register, the inspector general’s report, released October 30, highlighted “urgent issues” with ICE’s management of nearly 10,000 mobile devices used by employees and contractors. Auditors found thousands of unauthorized applications on the devices, including messaging apps, file-sharing services, and apps associated with foreign adversaries like China and Russia.
Inspectors said these unauthorized apps could potentially collect, monitor, and distribute sensitive ICE information outside of the agency’s secured containers. The report concluded that lack of oversight of personally downloaded apps introduced significant espionage, leak, and hacking risks.
ICE denied the allegations of errors or data breaches from the app
ICE quickly disputed the report’s findings, saying there is no evidence of nefarious activity or data breaches stemming from the unauthorized apps. An agency spokesperson said ICE has multi-layered security controls in place, including mobile device management software, secured containers on all devices, and continuous monitoring of app behavior.
“At all times, ICE had visibility of the actions and behavior of third-party applications on ICE devices,” an agency representative said.
While acknowledging some progress in addressing vulnerabilities, inspectors said risks remain until ICE fully addresses shortcomings in its oversight of user-installed apps.
The probe focused on a sample of 250 ICE-issued mobile devices during a nearly four-month period between April and August 2022. Auditors found over 180 devices were not correctly configured with the required security controls.
The report comes amid mounting espionage concerns and efforts to ban apps linked to foreign adversaries, including China. The use of the video-sharing app TikTok, owned by Chinese company ByteDance, was recently prohibited on government devices over data privacy and national security concerns.
ICE said that following the probe, it took swift action to disable prohibited apps and strengthen its mobile device management. However, inspectors said additional steps are needed to mitigate risks associated with unauthorized apps on ICE devices.
Featured Image Credit: Photo by Marek Levak; Pexels; Thank you!