President Donald Trump has a new phone. An iPhone.
That would not ordinarily be news, but given the security concerns about the risk of hack attacks on the prolific White House tweeter, the shift is significant.
Cybersecurity specialists say Trump’s decision to transition from his Android device — details of which were never disclosed but which was believed to be an unsecured, older-model Samsung — is positive for security, but doesn’t eliminate risks from hackers.
“I can guarantee the Russians and Chinese will try to figure out an attack,” said John Dickson, a former air force cybersecurity officer who now works for the Texas-based Denim Group consulting firm.
White House social media chief Dan Scavino confirmed the smartphone shift this week, tweeting that Trump “has been using his new iPhone for the past couple of weeks here on Twitter. Yes, it is #POTUS45 reading & tweeting!”
Dickson said security will depend on how the president is using the device — whether it is exclusively for tweeting — and if it is plugged into an enterprise management system that can “wall off” vulnerabilities.
“If it’s a single-purpose device, the risk is minimal,” he said. “But as soon as you start clicking on things, downloading apps, granting access, that’s when things matter tremendously.”
Mobile devices can be hacked to allow an attacker to listen via the phone’s microphone, access its camera, monitor geolocation or even take over the handset remotely.
Former president Barack Obama carried a BlackBerry, and later a different smartphone, with security modifications that limited its functions.
Trump’s switch comes despite his call for a boycott a year ago of the iPhone maker for refusing FBI requests to help hack a device for a probe into a deadly California attack.
– More secure? –
Some analysts say Apple devices may offer more security because the company controls the hardware and software and frequently updates its operating system. Apple did not respond to an AFP query on Trump’s decision.
Betsy Cooper, executive director of the University of California’s Center for Long-Term Cybersecurity said that despite Apple’s reputation, recent research has shown “that both iPhones and Android can be abused by hackers.”
Cooper said it remains unclear how the president’s social media is managed — what devices are used and who has access to his personal @realDonaldTrump and official @POTUS handles on Twitter.
From a security standpoint, “it would be better to eliminate the personal accounts and use only government devices and government-protected social media accounts,” Cooper said.
Concerns of hacking come following Trump’s unverified allegation that his phones were tapped during last year’s election campaign, and after leaked documents from former contractor Edward Snowden showed US tapping of German leader Angela Merkel’s personal phone.
Some phones are marketed as “hardened” or secure devices for people in power, but it wasn’t clear if these are used at the White House.
– Phone as ‘honeypot’? –
Nicholas Weaver, a researcher at the California-based International Computer Science Institute, said Trump’s phone swap “massively reduces, but does not completely eliminate, the security risks.”
But while he agreed foreign governments are likely to try to hack the phone, Weaver said US intelligence services may have modified it to be “a nice honeypot to trap attempted attacks.”
A honeypot is a technique used to lure hackers and attackers to identify them and find ways to neutralize or punish them.
Weaver said in a blog post earlier this year that Trump’s use of an older Android device opened massive security risks and that “the working assumption should be that Trump’s phone is compromised by at least one — probably multiple — hostile foreign intelligence services.”
At the time, it was not clear what type of handset Trump was using, but a New York Times report after the inauguration said he was using “his old, unsecured Android phone.”
Last month, Representative Ted Lieu of California called for an investigation, saying Trump’s phone use may be “jeopardizing national security.”
Dickson said that even with strong security, the president could fall victim to an attack if he uses his phone for email and web browsing.
This could be in the form of “spearphishing,” or a message disguised to look as if it’s from a trusted aide or family member, but which contains malware.
“This is what sophisticated attackers do,” Dickson said, and because the president’s activities are widely known, “he would be an easier target for spearphishing.”