- US Secret Service personnel use personal devices while conducting official business
- Personal devices are not protected against threats faced by members of the Secret Service
- But government-issued devices are also not equipped for the needs of Secret Service members.
The Department of Homeland Security’s inspector general has released a new report stating that the US Secret Service refuses to use government-furnished equipment (GFE), such as smartphones, because they are not suitable for mission operations.
The report states that GFE fails to “ensure continuous, real-time protection against cyber attacks by adversaries or foreign individuals” and the equipment was found to contain multiple third-party applications with security vulnerabilities that could expose communications.
In order to perform effectively, Secret Service members use personal devices to communicate with law enforcement and each other during missions, but many personal devices are not protected against the threats they face while protecting America’s VIPs.
US government struggles to protect issued phones
But the use of personal devices in professional operations is also very unsafe. These devices often contain the whereabouts of Secret Service personnel and the targets they protect during missions at home and abroad.
Additionally, the devices only have consumer level cyber protection. Because they are not managed or operated by the US government, there is very little protection against commercially available spyware or malware.
In some cases, staff used their personal devices as an access point for their GFE, or used their personal devices to access websites that would otherwise be blocked on their GFE.
The report explains: “If a personal device is jailbroken, infected with malicious code, or not updated on security software, an adversary could intercept the device’s communication. Outdated and vulnerable applications could allow malicious actors to conduct surveillance, track locations, or record employee communications. Connecting to unsecured networks can also allow cybercriminals to access data or install malware.”
The main culprit in Secret Service personnel’s decision not to use GFE was found to be the Secret Service’s Office of the Chief Information Officer (OCIO). According to the report, “GFE mobile devices lacked mission-critical capabilities because the Secret Service OCIO process for evaluating and approving requests did not always correctly identify operational needs.”
Additionally, the expected protocol for most Secret Service members was to use personal devices, so many avoided navigating the bureaucracy of requesting access to communications apps on their GFE, which in turn created a blind spot for OCIO who were unaware that these apps were already being used on such a scale.
The report further found that no Secret Service GFEs were equipped with Mobile Threat Defense software as of August 2025, leaving them exposed to “malicious software,
cyberattacks and other vulnerabilities.”Critical data was also retained on GFE devices after agents returned from overseas missions, despite a policy that the devices must be wiped within 24 hours of returning to the U.S.
Ultimately, the report makes five key recommendations to the Secret Service to improve the security of its operators:
- Introduce a formal policy that ensures all GFEs have the necessary capabilities and software for each mission.
- Ensure all employees complete required cybersecurity training.
- Ensure that the OCIO Secret Service clearly communicates its guidance that the use of personal devices during official activities is prohibited.
- Ensure controls are implemented to wipe devices in accordance with OCIO policy for returning staff
- Subject all GFE mobile app code to an updated vulnerability testing policy
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
