Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

With New iPhone, Trump Still a Target for Hackers

President Donald Trump has a new phone. An iPhone.

That would not ordinarily be news, but given the security concerns about the risk of hack attacks on the prolific White House tweeter, the shift is significant.

President Donald Trump has a new phone. An iPhone.

That would not ordinarily be news, but given the security concerns about the risk of hack attacks on the prolific White House tweeter, the shift is significant.

Cybersecurity specialists say Trump’s decision to transition from his Android device — details of which were never disclosed but which was believed to be an unsecured, older-model Samsung — is positive for security, but doesn’t eliminate risks from hackers.

“I can guarantee the Russians and Chinese will try to figure out an attack,” said John Dickson, a former air force cybersecurity officer who now works for the Texas-based Denim Group consulting firm.

White House social media chief Dan Scavino confirmed the smartphone shift this week, tweeting that Trump “has been using his new iPhone for the past couple of weeks here on Twitter. Yes, it is #POTUS45 reading & tweeting!”

Dickson said security will depend on how the president is using the device — whether it is exclusively for tweeting — and if it is plugged into an enterprise management system that can “wall off” vulnerabilities.

“If it’s a single-purpose device, the risk is minimal,” he said. “But as soon as you start clicking on things, downloading apps, granting access, that’s when things matter tremendously.”

Mobile devices can be hacked to allow an attacker to listen via the phone’s microphone, access its camera, monitor geolocation or even take over the handset remotely.

Former president Barack Obama carried a BlackBerry, and later a different smartphone, with security modifications that limited its functions.

Trump’s switch comes despite his call for a boycott a year ago of the iPhone maker for refusing FBI requests to help hack a device for a probe into a deadly California attack.

– More secure? –

Some analysts say Apple devices may offer more security because the company controls the hardware and software and frequently updates its operating system. Apple did not respond to an AFP query on Trump’s decision.

Betsy Cooper, executive director of the University of California’s Center for Long-Term Cybersecurity said that despite Apple’s reputation, recent research has shown “that both iPhones and Android can be abused by hackers.”

Cooper said it remains unclear how the president’s social media is managed — what devices are used and who has access to his personal @realDonaldTrump and official @POTUS handles on Twitter.

From a security standpoint, “it would be better to eliminate the personal accounts and use only government devices and government-protected social media accounts,” Cooper said.

Concerns of hacking come following Trump’s unverified allegation that his phones were tapped during last year’s election campaign, and after leaked documents from former contractor Edward Snowden showed US tapping of German leader Angela Merkel’s personal phone.

Some phones are marketed as “hardened” or secure devices for people in power, but it wasn’t clear if these are used at the White House.

– Phone as ‘honeypot’? –

Nicholas Weaver, a researcher at the California-based International Computer Science Institute, said Trump’s phone swap “massively reduces, but does not completely eliminate, the security risks.”

But while he agreed foreign governments are likely to try to hack the phone, Weaver said US intelligence services may have modified it to be “a nice honeypot to trap attempted attacks.”

A honeypot is a technique used to lure hackers and attackers to identify them and find ways to neutralize or punish them.

Weaver said in a blog post earlier this year that Trump’s use of an older Android device opened massive security risks and that “the working assumption should be that Trump’s phone is compromised by at least one — probably multiple — hostile foreign intelligence services.”

At the time, it was not clear what type of handset Trump was using, but a New York Times report after the inauguration said he was using “his old, unsecured Android phone.”

Last month, Representative Ted Lieu of California called for an investigation, saying Trump’s phone use may be “jeopardizing national security.”

Dickson said that even with strong security, the president could fall victim to an attack if he uses his phone for email and web browsing.

This could be in the form of “spearphishing,” or a message disguised to look as if it’s from a trusted aide or family member, but which contains malware.

“This is what sophisticated attackers do,” Dickson said, and because the president’s activities are widely known, “he would be an easier target for spearphishing.”

Related: Obama Not Allowed an iPhone for Security Reasons

RelatedRussian Officials Dump iPads for Samsung Tablets Over Spy Fears

 

RelatedRussia Unveils Secure “Almost Android” Tablet To Keep Data Away From Google

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Chinese tech giant Huawei patched nearly 300 vulnerabilities in its HarmonyOS operating system in 2022.