Endpoint Security,
Government,
Industry Specific
Agents Couldn’t Group Chat or Text Foreign Counterparts
In a recent audit, U.S. Secret Service agents were found to be jeopardizing their protective mission by resorting to the use of personal smartphones during foreign trips. This unsettling revelation was highlighted by auditors who attributed the issue to the limitations imposed by the Department of Homeland Security’s Office of the Chief Information Officer (CIO).
The audit, released in a Thursday report, indicated that government-issued devices lacked essential functionalities. Secret Service agents were unable to perform basic tasks such as communicating with foreign counterparts through popular messaging applications like WhatsApp or accessing the internet to research dining options for U.S. officials during overseas engagements. The auditors remarked, “The use of personal devices during foreign assignments had become expected and routine among Secret Service employees.”
The report also detailed issues with government devices affecting operations domestically. It cited a specific two-year period ending in May 2025 when the CIO office significantly restricted agents’ capabilities to send group texts or share pictures. A particular incident was recalled by a Secret Service agent who was present during an attempted assassination of then-presidential candidate Donald Trump in July 2024. He explained that the restrictions on his government device prevented him from instantly forwarding an image of the assailant to his colleagues.
Because of these imposed limitations, agents found it necessary to turn to personal devices, thereby exposing “the Secret Service’s communications, personnel and protectees” to considerable risks. The auditors expressed concerns that utilizing personal devices could lead to several vulnerabilities. “If a personal device is jailbroken, infected with malicious code, or not up to date on security software, an adversary could intercept device communication,” the report stated. Furthermore, outdated or improperly secured applications could potentially enable malicious actors to track agents or record their communications. Some agents reported that they had begun installing VPNs on their personal devices to enhance security; however, auditors cautioned that this decision could inadvertently introduce additional risks.
The situation is alarming, particularly when considering that a U.S. senator recently revealed findings indicating that foreign nations have successfully tracked U.S. military personnel engaged in operations against Iran through geolocation data obtained from their cell phones, purchased from data brokers.
Moreover, the report scrutinized the effectiveness of security protocols on government devices, highlighting that until August 2025, the CIO office had not implemented mobile threat defense software on any government-issued equipment. Despite the existence of a policy mandating the wiping of government devices used abroad within 24 hours of an agent’s return to the United States, auditors found that this procedure was not routinely followed.
Additionally, the government’s adoption of TeleMessage—a messaging app similar to Signal used for archiving communications—also raised concerns. The auditors criticized the OCIO for failing to properly assess the security of applications prior to their deployment, referencing the use of a “third-party messaging solution with automatic message archiving” that provided capabilities comparable to other popular commercial messaging apps. This particular app was discontinued in May 2025, coinciding with public knowledge of a significant cybersecurity breach that compromised TeleMessage’s backend panel.
In light of these findings, auditors proposed five substantial recommendations aimed at enhancing device management, reinforcing cybersecurity training for personnel, improving security measures for devices used overseas, conducting thorough testing of mobile applications before deployment, and reinstating the agency’s ban on the use of personal devices for official work.
While the Secret Service agency has consented to implement all five recommendations, some remain under review, contingent on observable improvements as the agency aims to curtail the routine use of personal smartphones by its personnel.
This unsettling episode underscores the critical need for strengthened security protocols within governmental agencies to effectively protect sensitive information and ensure the safety of personnel tasked with high-stakes protective missions. With ongoing technological advancements and growing cybersecurity threats, the imperative remains to prioritize secure communications at all levels of government.
With reporting from ISMG’s David Perera in Northern Virginia.