Top Mobile Security Stories of 2019

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.

Cybercriminals are increasingly and successfully targeting mobile users, as our look back on the Top 10 2019 mobile security stories shows. For enterprises that are embracing an ever-more-mobile workforce, escalating mobile attack vectors significantly widen the threat landscape, and are forcing companies to rethink what their security requirements need to be. For consumers, greater awareness is their only hope to protect their personal data.

Apple Takes Bug Bounty Public

In December, Apple officially opened its historically private bug-bounty program to the public, while boosting its top payout to $1 million (for a zero-click remote chain with full kernel execution and persistence on Apple’s latest shipping hardware). The payouts are a huge step up from the private program’s paltry $200,000 top reward – but the tech giant is looking for full working exploits with any vulnerability submission. Other payouts range from $25,000 to $500,000 across a range of products, including Macs, iPhone and iPad, and Apple TV.

Apple Bugs Proliferate

Speaking of Apple bugs, iOS vulnerabilities turned up throughout 2019, including the “AirDoS” bug that allows nearby hackers to render iPhones and iPads inoperable, via the file-swapping feature AirDrop. In June, an iMessage bug came to light that bricks iPhones running older versions of the company’s iOS software; and five other iMessage bugs were found that required no user interaction to exploit, including one that would allow remote attackers to access content stored on iOS devices. Also, a total of 14 iPhone vulnerabilities – including two that were zero-days when disclosed in February – were found to be targeted by five exploit chains in a watering hole attack that lasted years.

WhatsApp Faces Down the NSO Group

In May, WhatsApp warned users that a zero-day vulnerability found in its messaging platform was exploited by attackers who were able to inject spyware onto victims’ phones in targeted campaigns. Later in the year, WhatsApp owner Facebook sued the Israeli company NSO Group, alleging that it developed the surveillance code itself and used vulnerable WhatsApp servers to send malware to approximately 1,400 mobile devices, targeting human rights defenders, journalists and other members of civil society worldwide. NSO’s president later took indirect aim at WhatsApp over the issue in a conference session.

StrandHogg Impersonates Android Apps

This fall, researchers found a new Android vulnerability called StrandHogg that could allow malware to pose as popular apps and ask for various permissions – enabling hackers to listen in on users, take photos, read and send SMS messages, and basically take over various functions as if they are the device’s owner. The wrinkle is that the activity overlays and masquerades as a mobile app, such as Facebook, that a person would use regularly. The flaw affects all Android devices, including those running Android 10, and puts the top 500 most popular apps at risk.

The Checkra1n Jailbreak

A BootROM vulnerability for iPhone dubbed “checkm8” was disclosed this year – an un-patchable bug affecting hundreds of millions of iPhones that gives attackers system-level access to handsets via an unblockable jailbreak hack. An exploit soon emerged, called checkra1n, which would allow users to bypass DRM restrictions to run unauthorized and custom software. Checkra1n also makes users susceptible to rogue or unstable apps downloaded from outside of Apple’s curated App Store. Meanwhile, a fake website purporting to enable iPhone users to download checkra1n (but ultimately downloading a gaming app bent on click fraud) made the rounds.

Mobile Phishing Kits Emerge

April saw a new wrinkle in the mobile landscape: Mobile-first phishing. A kit that specifically targets Verizon Wireless customers in the U.S. pushes phishing links to users via email, masquerading as messages from Verizon Customer Support. These are tailored to mobile viewing: When the malicious URL is opened on a desktop, it looks sloppy and obviously not legitimate – however, when opened on a mobile device, it looks like what you would expect from a Verizon customer support application.

Spotlight on 5G

This year for the first time, security for 5G networks became a top conversation topic. The next-gen mobile technology promises ultra-low-latency and exponentially faster throughput to pave the way for new enterprise use cases and applications, including remote telesurgery, self-driving cars, electricity on-demand and more. However, in these scenarios, a cyberattack can literally be a matter of life or death. With many of the security protocols and algorithms for 5G being ported from the previous 4G standard, researchers have already found 5G flaws allowing device fingerprinting and man-in-the-middle (MiTM) offensives.

Data-Scraping Apps

Earlier this year, Twitter and Facebook warned of software development kits (SDKs) that could be embedded within a mobile application and used to scrape profile information, such as email addresses, usernames, gender, last tweets and so on. The SDKs, which the tech giants said are maintained by oneAudience and MobiBurn, violate both companies’ data privacy policies, which prohibit allowing third parties to harvest profile information for data monetization purposes. That was a change implemented in the wake of the Cambridge Analytica scandal, and the issue continued the debate around social media privacy.

Retina X Stalkerware

In its first crackdown on “stalkerware,” the FTC has banned the sale of three apps – marketed to monitor children and employees – that can be installed on devices to track their owners’ location, activity and more. The apps come from a company called Retina-X Studios, and the FTC said that since the apps were designed to run surreptitiously in the background, they’re uniquely suited to illegal and dangerous uses, especially in domestic violence situations. Meanwhile in November, the Coalition Against Stalkerware formed to help victims of stalkerware, instances of which have increased more than 300 percent in 2019.

Biometrics Bypasses

While fingerprint sensors and FaceID are touted as providing the best available mobile security, 2019 saw a few bypasses of the technology. The Samsung Galaxy S10 fingerprint sensor for instance was shown to be fooled in a hack involving a 3D printed fingerprint cloned from a wineglass. And Samsung admitted later in the year that anyone can bypass the Galaxy S10 fingerprint sensor if a third-party silicon case is enclosing the phone. In October, Google came under fire for its Pixel 4 facial recognition unlock feature, which users said would unlock for users even if their eyes were closed. And in August, researchers revealed a bypass for Apple’s FaceID.

IoT Company Wyze Leaks Emails, Device Data of 2.4 M

The Internet of Things vendor confirmed that customer data was left unsecured on an Elasticsearch database.

An exposed Elasticsearch database, owned by Internet of Things (IoT) company Wyze, was discovered leaking connected device information and emails of millions of customers.

Wyze makes smart home cameras and connected devices like connected bulbs and plugs, which can be integrated with smart home assistants like Amazon Alexa and Google Assistant. The database, which was exposed on Dec. 4 until it was secured on Dec. 26, contained customer emails along with camera nicknames, WiFi SSIDs (Service Set Identifiers; or the names of Wi-Fi networks), Wyze device information, and body metrics “for a small number of product beta testers” who were testing new hardware, according to Wyze.

Up to 2.4 million Wyze users were reportedly exposed. Wyze did not confirm that number other than to say “some Wyze user data” was impacted; Threatpost has reached out for further comment.

“To help manage the extremely fast growth of Wyze, we recently initiated a new internal project to find better ways to measure basic business metrics like device activations, failed connection rates, etc.,” Wyze said in a blog post over the weekend. “We copied some data from our main production servers and put it into a more flexible database that is easier to query. This new data table was protected when it was originally created. However, a mistake was made by a Wyze employee on December 4th when they were using this database and the previous security protocols for this data were removed. We are still looking into this event to figure out why and how this happened.”

Also exposed in the database were Alexa tokens for 24,000 users, which allows users to integrate their Alexa devices with their Wyze cameras. Wyze said that there is no evidence that API tokens for iOS and Android were exposed, but the company decided to refresh them as “a precautionary measure.”

“Yesterday evening, we forced all Wyze users to log back into their Wyze account to generate new tokens,” said Wyze. “We also unlinked all 3rd party integrations which caused users to relink integrations with Alexa, The Google Assistant, and IFTTT to regain functionality of these services. As an additional step, we are taking action to improve camera security which will cause your camera to reboot in the coming days.”

The database did not contain user passwords or government-regulated personal or financial information, according to Wyze.

However, security experts like Troy Hunt, founder of HaveIBeenPwned.com, say the data leak is “serious.”

Troy Hunt (@troyhunt), 12:53 AM – Dec 27, 2019:

“This one impacting @WyzeCam looks pretty serious. Original public disclosure (which looks like it may have been made prematurely) is here: https://blog.12security.com/wyze/ https://twitter.com/WyzeCam/status/1210369296511070209”

Quoted tweet from Wyze (@WyzeCam): “Everyone should be required to login to their Wyze app again due to a security precaution taken this afternoon. You can learn more here: https://forums.wyzecam.com/t/alleged-data-breach-12-26-2019/79046”

Wyze said that they were first contacted about the data leak via a support ticket on Dec. 26 by a reporter at IPVM.com, a news website that “provides reviews, testing and software for selecting and using video surveillance products.”

IPVM posted an article detailing the exposed data “almost immediately after” informing Wyze of the leak. The article was based on a post by Texas-based consulting firm Twelve Security, also published Dec. 26, which detailed the leak.

Wyze stressed that several statements outlined in these articles are not true, including reports that Wyze sends data to Alibaba Cloud, collects information about bone density and daily protein intake, and that the company had a similar breach six months ago.

Moving forward, Wyze said on Sunday that it is sending email notifications to all affected customers and “will provide further updates as we continue forward with our investigation.”

“Again, we are deeply sorry for this situation,” said Wyze. “Thank you for your patience as we work through this process. We have been reading through everyone’s comments and are continuing to work together on methods to improve our security and ensure that similar occurrences never happen again.”

Critical Citrix Bug Puts 80,000 Corporate LANs at Risk

The flaw resides in the Citrix Application Delivery Controller and Gateway.

Digital workspace and enterprise networks vendor Citrix has announced a critical vulnerability in the Citrix Application Delivery Controller (ADC) and Citrix Gateway. If exploited, it could allow unauthenticated attackers to gain remote access to a company’s local network and carry out arbitrary code execution.

The Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to Mikhail Klyuchnikov, a researcher at Positive Technologies. The U.S. accounts for about 38 percent of vulnerable organizations.

“This attack does not require access to any accounts, and therefore can be performed by any external attacker,” he noted in research released on Tuesday. “This vulnerability allows any unauthorized attacker to not only access published applications, but also attack other resources of the company’s internal network from the Citrix server.”

While neither Citrix nor Positive Technologies released technical details on the bug (CVE-2019-19781), they said it affects all supported versions of the product, and all supported platforms, including Citrix ADC and Citrix Gateway 13.0, Citrix ADC and NetScaler Gateway 12.1, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1, and also Citrix NetScaler ADC and NetScaler Gateway 10.5, according to the research.

“Citrix applications are widely used in corporate networks,” said Dmitry Serebryannikov, director of security audit department at Positive Technologies, in a statement. “This includes their use for providing terminal access of employees to internal company applications from any device via the internet. Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat.”

Citrix released a set of measures to mitigate the vulnerability, including software updates, according to the researchers.

The vendor made security news earlier this year when cyberattackers used password-spraying techniques to make off with 6TB of internal documents and other data. The attackers intermittently accessed Citrix’ infrastructure between October 13, 2018 and March 8, the company said, and the crooks “principally stole business documents and files from a company shared network drive that has been used to store current and historical business documents, as well as a drive associated with a web-based tool used in our consulting practice.”

Password-spraying is a related type of attack to brute-forcing and credential-stuffing. Instead of trying a large number of passwords against a single account, in password-spraying the adversary will try a single commonly used password (such as “123456”) against many accounts. If unsuccessful, a second password will be tried, and so on until accounts are cracked. This “low and slow” method is used to avoid account lock-outs stemming from too many failed login attempts.
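A defender's view of the spraying pattern described above, as an added example that is not part of the original article: the Python below classifies each source in an authentication log as spraying or brute-forcing and lists accounts that logged in successfully after failing. The log format, thresholds, addresses and account names are all constructed assumptions.

```python
"""Added example: flag password spraying vs. brute forcing in auth logs.

The log format, thresholds and every event below are constructed for
illustration; none of it comes from the Citrix incident.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed events: "<timestamp> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2019-03-01T08:00:05 198.51.100.7 alice FAIL
2019-03-01T08:31:10 198.51.100.7 bob FAIL
2019-03-01T09:02:44 198.51.100.7 carol FAIL
2019-03-01T09:33:01 198.51.100.7 dave FAIL
2019-03-01T10:04:19 198.51.100.7 erin FAIL
2019-03-01T14:00:12 198.51.100.7 alice FAIL
2019-03-01T14:30:40 198.51.100.7 bob FAIL
2019-03-01T15:01:03 198.51.100.7 carol OK
2019-03-01T09:10:00 203.0.113.9 frank FAIL
2019-03-01T09:10:02 203.0.113.9 frank FAIL
2019-03-01T09:10:04 203.0.113.9 frank FAIL
2019-03-01T09:10:06 203.0.113.9 frank FAIL
2019-03-01T09:10:08 203.0.113.9 frank FAIL
2019-03-01T09:10:10 203.0.113.9 frank FAIL
2019-03-01T09:15:00 192.0.2.44 grace FAIL
2019-03-01T09:15:20 192.0.2.44 grace OK
"""


def parse_events(text):
    """Return time-sorted (timestamp, source, user, succeeded) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # ignore malformed lines instead of guessing
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        events.append((ts, parts[1], parts[2], parts[3] == "OK"))
    return sorted(events)


def classify_sources(events, window=timedelta(hours=12), min_accounts=5,
                     max_per_account=2, brute_force_failures=6):
    """Classify each source IP by the shape of its failed logins.

    password_spray: failures against >= min_accounts distinct accounts inside
    the window, with no account failing more than max_per_account times
    (the attacker stays under the lockout limit).
    brute_force: >= brute_force_failures failures against one account.
    """
    by_source = defaultdict(list)
    for event in events:
        by_source[event[1]].append(event)

    findings = {}
    for source, source_events in by_source.items():
        recent = deque()   # failed (timestamp, user) pairs inside the window
        fails = Counter()  # failures per account inside the window
        verdicts, sprayed, ever_failed, later_ok = set(), set(), set(), set()
        for ts, _, user, succeeded in source_events:
            if succeeded:
                # A success for an account this source failed on earlier is
                # the event an incident responder needs to see first.
                if user in ever_failed:
                    later_ok.add(user)
                continue
            ever_failed.add(user)
            recent.append((ts, user))
            fails[user] += 1
            while ts - recent[0][0] > window:  # expire old failures
                _, old_user = recent.popleft()
                fails[old_user] -= 1
                if fails[old_user] == 0:
                    del fails[old_user]
            worst = max(fails.values())
            if worst >= brute_force_failures:
                verdicts.add("brute_force")
            elif len(fails) >= min_accounts and worst <= max_per_account:
                verdicts.add("password_spray")
                sprayed.update(fails)
        if verdicts:
            findings[source] = {
                "verdicts": sorted(verdicts),
                "sprayed_accounts": sorted(sprayed),
                "success_after_failure": sorted(later_ok),
            }
    return findings


if __name__ == "__main__":
    for source, finding in classify_sources(parse_events(SAMPLE_LOG)).items():
        print(source, finding)
```

With a one-hour window the constructed spray goes unflagged, which is why the “low and slow” pacing matters when choosing the window. Grouping by source also misses spraying spread across many addresses; the same window logic can be keyed on the whole tenant instead.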

In the case of Citrix, which has always specialized in federated architectures, the FBI surmised in March that the attackers likely gained a foothold with limited access, and then worked to circumvent additional layers of security. That was backed up by evidence that the attackers were trying to pivot to other areas of the infrastructure.

Twitter Fixes Bug That Enabled Takeover of Android App Accounts

Twitter for Android users are urged to update their app to fend off a security bug that allows hackers to access private account data and control accounts to send tweets and direct messages.

Twitter for Android users are being urged to update their app to avoid a security bug that allows a malicious user to access private account data and could also allow an attacker to take control of accounts to send tweets and direct messages. The warning comes from Twitter who said there are no indications the flaw was exploited and that the fix requires a simple app update.

The company said impacted Twitter users will be contacted via email or via Twitter itself if they are vulnerable to attack. Some users impacted by the bug were sent a message that read: “Please update to the latest version of Twitter for Android as soon as possible to make sure your account is secure.”

In a post late last week, Twitter said that to exploit the flaw a hacker must first insert malicious code into restricted storage areas of the Twitter app. The company did not disclose any further technical details of the hack.

According to Twitter Support, the bug impacts older versions of Android, and versions 7.93.4 (KitKat – released Nov. 4, 2019) and 8.18 (Lollipop – released Oct. 21, 2019) and later have already been updated with the fix. According to the Google Play download page for Twitter for Android, the app was last updated Dec. 17, 2019.

Twitter also reminded users that it does not support Twitter for Android running on versions of Android older than KitKat, released October 31, 2013.

“If you’re unable to update your app, use https://twitter.com. We’re sorry about this and we’ll continue working to keep your information secure on Twitter,” Twitter Support wrote via Twitter.

Top 10 IoT Disasters of 2019

Though more light was shed around insecure Internet of Things (IoT) devices in 2019 – consequently leading to more calls for regulation – connected devices themselves seemingly stayed just as insecure. From privacy concerns in smart home devices, to botnets evolving to launch stronger and larger Distributed Denial of Service (DDoS) attacks on vulnerable connected devices worldwide, IoT devices continue to pose a top security threat this year. Here are the top 10 IoT disasters of 2019.

Continued Mirai Botnet Growth

The infamous Mirai IoT botnet continued growing in 2019 while also changing up its tactics, techniques and procedures. In fact, according to researchers, Mirai activity nearly doubled between the first quarter of 2018 and the first quarter of 2019. Mirai, which first burst on the scene in 2016 in a widescale DDoS attack that knocked several well-known websites offline, has also expanded its techniques over the past year to target more processors and more enterprise-level hardware.

Smart Deadbolts Open Homes to Danger

Researchers uncovered vulnerabilities in a popular smart deadbolt that could allow attackers to remotely unlock doors and break into homes. The manufacturer behind the smart lock, Hickory Hardware, has deployed patches to the affected apps on the Google Play Store and Apple App Store. It’s not the only smart deadbolt this year to have vulnerabilities – in June, researchers warned that smart door lock Ultraloq, made by U-tec, had a glitch allowing attackers to track down where the device is being used and virtually pick the lock.

‘Systemic’ Privacy Flaws Found in Popular IoT Devices

In January, researchers alleged a bevy of popular consumer connected devices sold at major retailers such as Walmart and Best Buy are riddled with security holes and privacy issues. In analyzing 12 different IoT devices, researchers reported security failures that ranged from a lack of encryption for data to missing encryption certificate validations. The devices included smart cameras, plugs and security systems from various manufacturers, including iHome, Merkury, Momentum, Oco, Practecol, TP-Link, Vivitar, Wyze and Zmodo.

Privacy Concerns For IoT Hotel Devices

Several incidents involving connected cameras and devices in hotels and Airbnbs spurred privacy concerns in 2019, including a flaw in a hotel’s in-room Tapia robots, used in lieu of human staff, which could be hacked to spy on room guests. In a related incident, Airbnb came under fire in 2019 after guests reported hidden connected cameras recording them in the Airbnb houses they were staying in. Finally, in 2019 four people were arrested for taking secret videos of guests at motels and live-streaming them to paying audiences.

All Things Ring

2019 saw an explosion of privacy issues and scandals for Amazon-owned Ring. Researchers found several flaws in the IoT device, including one that allowed attackers to spy on families, and one that exposed Wi-Fi network passwords. But Ring’s privacy policies also brought the company under fire: Ring has acknowledged that it’s partnering with more than 600 police departments across the country to allow them to request access to camera footage from camera owners, and in November, several U.S. Senators demanded that Amazon disclose how it’s securing Ring home-security device footage – and who is allowed to access that footage.

Malware Bricks Thousands of IoT Devices

A 14-year-old hacker used a new strain of malware in June to brick up to 4,000 insecure Internet of Things devices – before abruptly shutting down his command-and-control server. The malware, dubbed Silex, targeted insecure IoT devices and rendered them unusable (much like the BrickerBot malware in 2017). Specifically targeted were Internet of Things (IoT) devices running on the Linux or Unix operating systems, which had known or guessable default passwords. The malware would trash the devices’ storage, remove their firewalls and network configuration, and finally fully halt them.

Smart Toys Aren’t So Fun

Connected toys continue to be insecure. In December, researchers said that various connected toys for children had deep-rooted security issues, including missing authentication for device pairing and a lack of encryption for connected online accounts. And at Black Hat USA 2019, researchers showcased glitches in the LeapPad Ultimate, a rugged tablet made by LeapFrog that targets children with an array of education, game and eBook apps, which could allow bad actors to track the devices, send messages to children or launch man-in-the-middle attacks.

IoT Smartwatches’ Continued Creepiness

Even more connected smartwatches for children were discovered exposing personal and location data of kids – opening the door for various insidious threats. That includes the M2 smartwatch, made by Chinese manufacturer Shenzhen Smart Care Technology Ltd., which had flaws that could leak users’ personal and GPS data, and allow attackers to listen in on and manipulate conversations. Smartwatch TicTocTrack was also discovered to be riddled with security issues that could allow hackers to track and call children.

Smart Speakers: Employees Listening In

Smart speakers from Amazon, Google and Apple all came under criticism this year after investigations found that employees at the companies can listen in on conversations. In April, Amazon was thrust into the spotlight for a similar reason, after a report revealed the company employs thousands of auditors to listen to Echo users’ voice recordings. Apple’s Siri and Google Home also came under fire for similar reasons, with reports emerging that Google employees could capture audio of domestic violence or confidential business calls.

2 Million IoT Devices Vulnerable to Complete Takeover

Researchers say over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws. The attack stems from peer-to-peer (P2P) communication technology in all of these Internet of Things (IoT) devices, which allows them to be accessed without any manual configuration. The particular P2P solution that they use, iLnkP2P, is developed by Shenzhen Yunni Technology and contains two vulnerabilities that could allow remote hackers to find and take over vulnerable cameras used in the devices.

Honda Leaks Data of 26K North American Customers

The leaky database was online for about a week, exposing customers’ vehicle information and personal identifiable information.

An exposed database was discovered leaking the personal information of 26,000 North American Honda owners and their vehicles. The Elasticsearch database in question is owned by the American Honda Motor Co., a North American subsidiary of the Honda Motor Co.

The cloud misconfiguration exposed the full names, email addresses, mailing addresses and phone numbers of vehicle owners, as well as vehicle makes and models, VIN numbers, agreement IDs and other service information. The server also contained some internal logs and maintenance records.

“The records appear to have been exposed for over a week, which would have allowed malicious parties ample time to copy the data for their own purposes if they found it,” security researcher Bob Diachenko said in a Wednesday analysis. “We don’t know if any other unauthorized parties accessed the database while it was not secured.”

The database was a data-logging and monitoring server for telematics services for North America, covering the process for new customer enrollment as well as internal logs. It was discovered accessible online to anyone with a web browser.

Diachenko first discovered the unprotected database on Dec. 11 and notified Honda’s security team on Dec. 12. The server was shut down the next day.

While Diachenko estimated that there were 976 million total records in the database, Honda in a statement to the researcher said that there were roughly 26,000 unique consumer related records. This number was approximated by eliminating duplicate information and data that did not contain consumer PII (personal identifiable information), according to Honda.

“We quickly investigated this issue, determined the specific breach in protocol, and took immediate steps to address the vulnerability,” Honda said in a statement. “All data in this database is now secure. We can also say with certainty that there was no financial, credit card or password information exposed on this database.”

However, the server on which the database resides was misconfigured on Oct. 21, leaving the information open for the taking for a week. If malicious third parties were able to access the data, it could lead to an array of attacks – most notably, using the customer PII data for highly targeted phishing attacks, security experts said.

“While there is no evidence of this information being exfiltrated by malicious actors, Honda’s database was left exposed for more than a week,” Anurag Kahol, CTO at Bitglass, said in an email. “This is more than enough time for cybercriminals to discover, harvest and abuse the data. Unfortunately, the PII that was exposed includes full names, email addresses and phone numbers, all which can be used to launch highly targeted phishing attacks. This also leaves consumers vulnerable to identity theft, account hijacking and other types of cyberattacks well into the future.”

It’s only the latest security faux pas to hit Honda. In July, an unsecured database was found leaking crucial information about Honda’s global systems, including which devices aren’t up-to-date or protected by security solutions.

And in 2018, a Honda affiliate in India left two Amazon S3 buckets misconfigured for more than a year, affecting 50,000 users of the Honda Connect App, which is used to manage automobile service and maintenance. Honda was also affected by the WannaCry ransomware incident in 2017, which forced it to shut down production at one of its Japanese plants.

“Honda is continuing to perform due diligence, and if it is determined that data was compromised, we will take appropriate actions in accordance with relevant laws and regulations. We will continue to work on proactive security measures to prevent similar incidents in the future,” Honda said in its statement.

FIN8 Targets Card Data at Fuel Pumps

Paying at the pump has landed in the sights of the notorious PoS-skimming group.

The notorious FIN8 cybercrime group has a new target when it comes to skimming payment-card details from consumers: Point-of-sale (PoS) systems used at fuel pumps at gas stations.

Visa warned this week in a public alert posted online that its Payment Fraud Disruption (PFD) department has seen at least two separate campaigns emerging this past summer that targeted fuel pumps.

“PFD recently reported on the observed increase of PoS attacks against fuel dispenser merchants, and it is likely these merchants are an increasingly attractive target for cybercrime groups,” according to the Visa alert.

Researchers attributed the attacks to FIN8, the financially motivated threat group whose typical mode of attack is to steal payment-card data from PoS environments, particularly those of retailers, restaurants and hospitality providers. The group has been active since at least 2016, but appeared to go quiet for a while in late 2017 before emerging again earlier this year with a raft of new tools and new attacks, starting with several in the hotel industry detected in July.

Visa researchers recovered command-and-control (C2) domains previously used by FIN8 in threat activity from the attacks they observed, pointing to the group’s involvement. Some of the malware used in the attack, which created a temporary output file, wmsetup.tmp, to scrape payment data, was also associated with malware and tactics previously used by the group, according to Visa.

The first attack compromised the PoS system of “a North American fuel dispenser merchant” using a phishing email sent to an employee that included a malicious link. Once clicked on, the link installed a remote access trojan (RAT) on the merchant network, which allowed the attackers access. Once they were inside the system, the threat actors found credentials on the corporate network and were able to move laterally into the PoS environment, which was not difficult to do because the system lacked segmentation between the cardholder data environment (CDE) and corporate network, according to Visa. Attackers then used a RAM scraper to harvest payment-card data from the PoS system.

The second attack had a similar target – a North American gas-pump dispenser – but Visa PFD researchers said they were unsure of how attackers gained initial access to the merchant’s network environment. However, in a similar way, the threat actors moved laterally to the PoS network and used a RAM scraper to steal customer card information, according to Visa.

This attack was slightly different from the first, however, in that the merchant accepted both chip transactions at the in-store terminals and magnetic stripe transactions at fuel pumps. The malware used by attackers targeted data from the magnetic-stripe transactions specifically, while chip transactions in-store were left unscathed by the attack.

Even before Visa’s warning of increased attacks, there has been evidence of the rise of fuel pumps as targets for cybercriminals. Since their inception, these systems have proven to be a rather easy target for threat actors due to their inherent lack of security, with a ramp up of attacks that started early last year.

In fact, in both of the two recent pump incidents, researchers observed security flaws on the part of the merchants that put payment-card data at risk, including lack of secure acceptance technology – such as EMV chip, point-to-point encryption or tokenization – and non-compliance with PCI DSS, according to the alert.

In addition to payment-card scrapers used in these recent attacks, researchers also have previously observed the widespread use of Bluetooth-enabled skimmers to steal payment information from fuel pumps, according to a published report.

Air Force Software Innovation Arm Officially Opens in Downtown San Antonio

LevelUp Code Works, the U.S. Air Force’s arm that aims to deliver rapidly deployable software to support Air Force and Department of Defense missions in downtown San Antonio, opened its doors on Dec. 10.

The Air Force conducts studies on software deployment, and its latest one did not send information to war fighters fast enough, according to U.S. Air Force Maj. Gen. Michael J. Schmidt, the program executive officer for command, control, communications, intelligence and networks, or C3I&N, based in Hanscom Air Force Base in Massachusetts.

“LevelUp Code Works’ most important people are our cyber warriors,” Air Force Col. Abel Carreiro, senior materiel leader of the cryptologic and cyber systems division of C3I&N at Joint Base San Antonio – Lackland said during the event that heavily featured one cybersecurity representative from each branch of the military.

The LevelUp team includes military, civilians and a wide range of industry partners spanning traditional national defense companies to nontraditional small ones.

“This is like a Christmas present that will keep on giving, not just for San Antonio, but for our national defense,” San Antonio Councilman Clayton Perry, one of the chairs for San Antonio’s military transformation task force, said during the event.

LevelUp fits in with the cybersecurity work that has been done here for more than 20 years, said San Antonio Chamber of Commerce President and CEO Richard Perez, another chair of the military transformation task force. He said that the Chamber helped LevelUp communicate with the city regarding permitting issues.

As previously reported by the Business Journal, LevelUp will have a software factory called Platform One, which provides a set of tools and services for software developers across the Air Force. Platform One will be replicated to Air Force program offices to allow them to develop, secure, deploy, and operate applications, also known as DevSecOps technology.

LevelUp will use the software factory to develop capabilities for the Air Force and Department of Defense in conjunction with civilian software developers.

“Any time you pair the government or military with the private sector, you’re able to get a better product,” said U.S. Army Col. Peter Velesky, the deputy commander for JBSA

https://www.bizjournals.com/sanantonio/news/2019/12/12/air-force-software-innovation-arm-officially-opens.html