President Trump Thinks Basic Phone Security Is Simply Too Inconvenient
from the who-needs-updates dept
For the past year much has been made of the President's unwillingness to adhere to anything close to reasonable security when using his mobile phones. Whereas the Defense Information Systems Agency (DISA) and the National Security Agency usually work in concert providing state leaders with "hardened" devices that are heavily encrypted, routinely updated, and frequently swapped out, Trump has refused to use these more secure DMCC-S devices (effectively a Samsung Galaxy S4 device utilizing Samsung's Knox security architecture) because they apparently infringe on his ability to Tweet.
Just a few months ago, Senators sent a letter expressing concern that Trump's mobile phone practices were leaving the President open to potential hacking by foreign entities:
"The President of the United States stands alone as the single-most valuable intelligence target on the planet. Given the apparent lack of progress the Administration has made since initial reports in 2016 of the President’s poor operational security, it appears the only thing standing between the Office of the President and the next national security nightmare is a combination of President Trump’s personal restraint and sheer luck."
Eventually, the President was convinced to use two iPhones: one locked down specifically for Twitter, and the other specifically tasked with making phone calls. Even here reports have suggested that Trump has struggled to adhere to these restrictions, often making personal calls on his unsecured Samsung Galaxy III. This week a report from Politico highlights again how White House and IT security staff have recommended that these devices be routinely swapped out, an idea the President continues to resist:
"While aides have urged the president to swap out the Twitter phone on a monthly basis, Trump has resisted their entreaties, telling them it was “too inconvenient,” the same administration official said.
The president has gone as long as five months without having the phone checked by security experts. It is unclear how often Trump’s call-capable phones, which are essentially used as burner phones, are swapped out."
And yeah, that's a serious problem. While these devices appear to be the equivalent of burner phones, five months is forever in security world, giving attackers ample opportunities to compromise the microphone, camera, or other hardware embedded in Trump's devices. It's a particularly notable problem in the wake of things like the SS7 vulnerablity -- a flaw mobile carriers routinely try to downplay that opens the door to remote surveillance and a wide variety of attacks on most modern smartphones and mobile networks.
Dear @realDonaldTrump: The #SS7 flaw allows foreign governments to listen in on your unsecured cell phone.
If you're not concerned about that, how about this: that same flaw gives US intelligence the capability to listen in on your phone.
Will you please change your behavior? https://t.co/luuqymFHY9
— Ted Lieu (@tedlieu) May 22, 2018
Needless to say, the President's abysmal privacy and security practices likely make a delicious potential target for hostile foreign powers, something you'd think Trump would realize given his breathless hyperventilation regarding a certain home e-mail server. Meanwhile, the President's disdain for routine security comes incongruently as his FCC moves to block many Chinese hardware vendors from doing business in the States, a protectionist move the administration insists is exclusively focused on protecting national security.
Filed Under: disa, donald trump, secure phone, security, tweeting
