Wednesday, October 24, 2018

Trump has two ‘secure’ iPhones, but the Chinese are still listening

President Trump has three iPhones — two of them are “secure” and his third is a regular personal device. But whenever the commander-in-chief takes a call, his adversaries are said to be listening.

That’s according to a new report by The New York Times, which put a spotlight on the president’s array of devices — and how he uses them.

Trump reluctantly gave up his old and outdated Android-powered Samsung Galaxy phone when he took office in 2016 and was transitioned to Apple devices. iPhones have historically been seen as more secure than their Android counterparts. Although one of his devices is a regular iPhone that he can use to store his contacts, the two other iPhones for official business have been modified and locked down by the National Security Agency to prevent eavesdropping.

Except — even when you’re in the White House, you can’t escape the aging, ailing and insecure cell network that blankets the capital and the vast majority of the U.S.

A crucial cell network system that helps broker and pass information between networks — known as Signaling System No. 7 (or just SS7) — have made it easier in recent years for hackers to intercept phone calls and text messages. SS7 is the protocol that cell networks use to establish and route calls and texts, but SS7 so broken that codes used for two-factor authentication have been intercepted and used to break into and drain bank accounts.

Those largely unfixed flaws make it far easier for governments — and anyone else — to tap into calls as they’re being made. That includes China, Russia — and any reasonably knowledgable attacker with the resources to pull off a successful intercept.

Trump’s reliance on three iPhones may seem cumbersome, but it’s a step up from what his predecessor got.

President Obama once likened his government-issued iPhone — given to him during his second term — to a “play phone [that] your 3-year-old has.” It was modified so that it could receive email but couldn’t make calls, and didn’t have a camera or microphone that foreign adversaries could use to glean any knowledge that the president was working on. He wasn’t even allowed to text — not necessarily for technical reasons, but to comply with the Presidential Records Act, which requires high-ranking government officials to store their official communications.

As much as Trump has been given more leniency than Obama, the president is still supposed to receive new, clean devices every month to cut off any hidden persistent malware that could be lurking within. But that policy isn’t enforced as closely as it should be, the report says, because of the inconvenience of having to manually port over the old data to the new phone without accidentally transferring any lingering malware — if any.

Although flaws in SS7 remain an issue for the average person, they’re apparently no match for the president’s own terrible “opsec” — or operational security, an awareness of the threats that he faces and the effort to mitigate them. Even if the Chinese or the Russians aren’t listening to his calls, they could always try their luck by hanging around one of his golf courses — where the president sent staff into a scramble after losing one of his phones in a golf cart.

And this is someone we trust with the nuclear codes.



Source: TechCrunch http://j.mp/2PTqemE

No comments:

Post a Comment