In an investigation that began in July 2017 and concluded this month, GAO testers discovered some shocking security problems. In many cases, the weapons and systems still used default passwords. In others, unauthorized access could be obtained with “relatively simple tools”; in one case, it took nine seconds.

The testers also looked for previously reported vulnerabilities. In one instance, only one in 20 had been fixed.

The problems that the testers found weren’t small ones. In some cases, scanning the weapon caused it to shut down. In another, the test had to be halted for safety concerns.