Servers supporting the Blackberry devices used by federal air marshals have high-risk vulnerabilities thanks to a backlog of security patches, says the Homeland Security Department inspector general.

In a redacted report dated July 29 not posted online until Aug. 22, the DHS OIG says scans of Federal Air Marshall Service Blackberry enterprise servers turned up a number of vulnerabilities, the total number being undisclosed to the public.

Transportation Security Administration officials (the air marshal service is part of the TSA) told auditors a backlog of server patches built up thanks to a recent switch in infrastructure providers that caused the previous patch testing environment to be unavailable. The backlog is being addressed, the report states.

Auditors also tested TSA office buildings for leakage of its wireless signals, and found instances of it in two buildings. However, the leakage isn't a security vulnerability, the report says, because of mitigating controls, such as a hidden service set identifier, a requirement for the specific client, strong encryption and a TSA certificate required both on users' laptops and the authentication server.

For more:
- download the redacted report, OIG-11-99 (.pdf)

Related Articles:
GAO denies Unisys protest over TSA contract 
Airport worker badges going to dogs 
GAO: TWIC introduces security vulnerabilities