Skip to Content

The Cold War ain’t over.  

The U.S. Air Force Special Operations Command has cancelled a planned deployment of nearly 3,000 iPad2 tablets after a magazine raised questions about its planned use of a  popular Russian PDF reader software.

That appears to put at risk another  broader deployment of up to 18,000 iPads by the Air Force that would’ve  relied on the same software. 

Widely considered the best mobile PDF reader around, GoodReader – not  to be confused with the mobile device management  software made by Good  Technology – is popular with consumers as well as businesses, schools   and others doing large-scale iPad deployments.

This includes airlines   such as Alaska Airlines and  Delta Airlines that plan to use  GoodReader+iPad as “electronic flight  bags” to replace bulky,  non-searchable paper charts and manuals.  GoodReader has one feature widely desired by those with security  needs: the ability to read files that are protected by encryption. It’s  one reason why the Pentagon is using GoodReader for its iPad test deployments. 

The hangup, of course, is that GoodReader is made by a Moscow-based  firm, Good.iware and its Russian chief developer, Yuri Selukoff. 

Past and present military officials interviewed by NextGov “question why AFSOC, which operates a fleet of specialized gunships and  surveillance aircraft, would allow its pilots to rely on software  developed in Russia. They also questioned the command’s vetting process  for Good.iWare, which one active-duty official pointed out has a website  that lacks basic contact information.” 

“I would not use encryption software developed in Russia ,” said  Michael McCarthy, director of the U.S. Army’s smartphone project,  Connecting Soldiers to Digital Applications. “I don’t want to put users  at risk.” McCarthy said he was concerned about the integrity of the  supply chain with GoodReader. 

“Ha, someone’s still living in 1970, aren’t they?” GoodReader’s  Selukoff replied to an  e-mail from NextGov when asked about security  concerns.  When asked potential for malicious code in GoodReader,   Selukoff replied, “What is this offensive and insulting assumption based   on? Are there any actual facts or complaints that such thing has ever   happened?” 

“I am not affiliated with any government institution,  neither  Russian, nor any other,” he added. “GoodReader doesn’t have any   malicious code built into it. Having said that, I am open to any   security/penetration tests that anyone would be willing to perform on   the app.” 

Don’t touch my Source Code, Bro 

While there’s no word yet, I have to believe that the separate Air  Force iPad deployment, which would’ve used GoodReader as a document  reader for cargo plane pilots for up to 18,000 iPads, is also in big danger of outright cancellation, too. 

Here’s what I think: I actually agree that GoodReader, as it would’ve  been deployed, would’ve  created a potential security risk. But I think  that is true of every mobile app that the Air Force would’ve deployed.  Supply chains are global. Development is outsourced or done by a  rotating cast of young guns. Popular Web stores are attacked or probed  hundreds of times a day by hackers. The net net is that an app can be  compromised any of a hundred ways these days. 

But I don’t think the Air Force needs to do as retired Air Force  brigadier general Bernie Skoch suggested to NextGov, which is to scan  every line of  source code of every mission-critical app to make sure  there is nothing malicious. That’s laborious, especially if you want to  scan every update. 

So what are the solutions? Well, if this is mainly a  political/appearance issue, then the Air Force could go with one of the  many excellent non-Russian-made choices such as PDFexpert or PDF Reader Pro

If it wants to stick with an encryption-capable reader, choose instead Adobe Reader, which was released for iOS last fall. Adobe Reader not only supports 256-bit AES encryption but, unlike the $4.99 GoodReader, is free.

  And if the Air Force is really serious about security, it could also  install strong anti-malware software and Mobile Device Management (MDM)  software like Afaria on its iPads.

The latest MDM software can remotely  lock and wipe lost tablets, encrypt data in motion and at rest, force  the use and renewal of strong passwords, oversee software updates and  patches, and other features. These would all create an extra layer of  protection at a deep, hooked-into-the-iOS level. 

Bottom line: Let’s not throw the baby out  with the bath water. There  are many better steps that the Air Force can explore rather than bowing  to paranoia and political pressure and squashing these iPad deployments  altogether.

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply