U.S. Military Wants To Secure Soldiers' Smartphones
With smartphones being the fastest growing electronic products nowadays, outnumbering "dumb" phones, these are also powerful computers with the ability to do most of the ordinary day-to-day computing needs of consumers. This means that they also outnumber PCs and laptops. This being said, they are ripe targets for malware, viruses, trojans, and thieves. Smartphones are getting to be more important than wallets since they can carry more information than the latter, and information in these are much more valuable than the money and identification inside your wallet.
All the more if those involved in sensitive and security areas use smartphones. We have heard about intelligence agents misplacing their laptops that carry classified computers, how much more if the information are stored in smaller, lighter, and easily-stolen smartphones? Soldiers become attractive targets for those who have the motivation far from monetary incentives, and willing to know more about intelligence information that can be used against them.
This being said, the Defense Advanced Research Projects Agency (DARPA), the agency which gave us the Internet, is concerned about information being leaked out of soldiers' smartphones. The U.S. Military cannot ban the use of smartphones knowing that these are important in their soldiers' personal lives --- being able to communicate to their families and keep digital personal mementos. These are also ready off-the-shelf products that can be used for tactical purposes since the military is already developing tactical applications that can help soldiers become more effective in the battlefield with real-time intelligence. Rather than developing their own smartphone as GI-issue, the military can save more with the use of existing smartphones already in the hands of soldiers. It is just a matter of securing them from spooks and malware.
Smartphones transmit a lot of information without you knowing it, such as locations services that help you navigate your way. Social media apps get into your contact lists to inform your friends that you are already a subscriber of their services. There are APIs for the operating systems of smartphones that those involved in cyberwarfare can exploit. Individual hackers and nation-states with cyberwarfare programs in place can use this against you.
DARPA, according to the New York Times, assigned a company based in Virginia, called Invincea, to help them harden Android mobile devices (smartphones and tablets). The first of these is to prevent leakage of information in case of theft or loss. This means easier encryption of sensitive and contact information and if lost, the phone will be filled up with useless data.
The next in the "hardening" process is to prevent malware from being accidentally installed as some can trick harmless applications to transmit information to other servers other than their own. So this means that contacts, locations, documents, and other sensitive information cannot be downloaded once this protection is in place. I don't know if existing anti-virus apps already in use for smartphones can do the job, but there will be some malware that existing commercial anti-malware applications might not detect especially those made by nation-states. The examples of these are the Stuxnet and Flame malware that struck Iranian computers and many say were created by Israel and the United States. China is also one of the prime suspects at creating malware given its aggressive espionage via digital tools.
Another will be malware that will allow a remote takeover of the smartphone allowing the hacker to give commands and download information that will either give false information, or keep on transmitting sensitive information.
It's going to be silent war, as defending computers and smarthphones are usually reactive responses to attacks rather than preventive ones. As many in the cybersecurity industry say, it's always a game of catch up, with the bad people always ahead in creating malware and exploits whenever a security hole is found. There's no such thing as a 100%-secure software or operating system and the best one is one that is shutdown and under lock and key. The problem with existing off-the-shelf products is that they use open protocols that every developer in the world knows about. If a closed protocol can be implemented, then it might be possible, but then it will entail more money through in-house development rather than use existing commercial products.